General

  • Target

    6958be6fbaf7cbcdf52d9d5fbac1b53b332c59fc3339b63536554392ba56c7b1N

  • Size

    283KB

  • Sample

    241001-mqtebavemm

  • MD5

    f939079733fccb00db0356d07f3c29c0

  • SHA1

    d1ac9a4713e684c68de1bf1cff164797945caa86

  • SHA256

    6958be6fbaf7cbcdf52d9d5fbac1b53b332c59fc3339b63536554392ba56c7b1

  • SHA512

    de3add44f6cb2388e49c6f57c6c2f7c4d66936faf16d3ff85dca87d263df4631ed590f23b25e6c8f6228784e5b019185e5c3d63f12dd52fa2206c593f8e94e6a

  • SSDEEP

    1536:NU9abrtX4oocIK3yQkaY9z/S0hhnDiKKJqTnouy8HeBsCXKTnhxJS:Nm2rocIyhYtJxKJqrout+BsZha

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.
