Overview

overview

10

Static

static

10

6b0b6bd872...a3.exe

windows7_x64

10

6b0b6bd872...a3.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6b0b6bd87264f526e5e30e69ddcf644ff5bbccf927c90681c42a1f7d6a736ea3

  • Size

    89KB

  • Sample

    220121-3wjp3adfd3

  • MD5

    ff1d5c6a476a56eb7ca4e38b57761a4e

  • SHA1

    d28b488ba651777790f824385aaf0d9acf02c9c2

  • SHA256

    6b0b6bd87264f526e5e30e69ddcf644ff5bbccf927c90681c42a1f7d6a736ea3

  • SHA512

    6e63b9d03419b3a801de63ff5ccd04d5a32a5b554c988083038d292f2d7a23b692bf0bd5816a5d2507d27b59f41c538caa70ad4313292505107f6f7d7a56fcf4

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      6b0b6bd87264f526e5e30e69ddcf644ff5bbccf927c90681c42a1f7d6a736ea3

    • Size

      89KB

    • MD5

      ff1d5c6a476a56eb7ca4e38b57761a4e

    • SHA1

      d28b488ba651777790f824385aaf0d9acf02c9c2

    • SHA256

      6b0b6bd87264f526e5e30e69ddcf644ff5bbccf927c90681c42a1f7d6a736ea3

    • SHA512

      6e63b9d03419b3a801de63ff5ccd04d5a32a5b554c988083038d292f2d7a23b692bf0bd5816a5d2507d27b59f41c538caa70ad4313292505107f6f7d7a56fcf4

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks