General

  • Target: 5b0a5589048829a20f209a97a8112225fb2a2d16f49f6adaeb6b2a562c513b79
  • Size: 35KB
  • Sample: 241231-2pv9vatjgx
  • MD5: 6572fe2cb2f84977a5f9209582add466
  • SHA1: 7ed8977b2e7a7b0f803ac556237d48198ec014f4
  • SHA256: 5b0a5589048829a20f209a97a8112225fb2a2d16f49f6adaeb6b2a562c513b79
  • SHA512: bc4abd5944ddfbfa2d9627fc86e204d34fac9f40593d329c7568e189e2cc9662758c161e24f15d8e151763efa8c8c8497d86d193f1c961a7152125eaa028c2bb
  • SSDEEP: 768:TwbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647Dj:TwbYP4nuEApQK4TQbtY2gA9DX+ytBO9

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks