Overview

overview

10

Static

static

10

c2e834b5b8...a3.exe

windows7_x64

10

c2e834b5b8...a3.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c2e834b5b8c69d71b351cb3df1c14a85ba301ff5f136ea445c6cbb310c75cfa3

  • Size

    92KB

  • Sample

    220121-3y7vnsebgm

  • MD5

    f918fc73484f2a1684de53040ec816d2

  • SHA1

    796080461264030812d4a8d149b07a012da1f747

  • SHA256

    c2e834b5b8c69d71b351cb3df1c14a85ba301ff5f136ea445c6cbb310c75cfa3

  • SHA512

    968369c86a7c9f55e2c7d4da2855f35e49e20cbb7aeb0cdf70c9e0a732dc246cddfd1800e9441b48dc540ad3001a1194e3c496e9afc78a1e8981405d40f611bc

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      c2e834b5b8c69d71b351cb3df1c14a85ba301ff5f136ea445c6cbb310c75cfa3

    • Size

      92KB

    • MD5

      f918fc73484f2a1684de53040ec816d2

    • SHA1

      796080461264030812d4a8d149b07a012da1f747

    • SHA256

      c2e834b5b8c69d71b351cb3df1c14a85ba301ff5f136ea445c6cbb310c75cfa3

    • SHA512

      968369c86a7c9f55e2c7d4da2855f35e49e20cbb7aeb0cdf70c9e0a732dc246cddfd1800e9441b48dc540ad3001a1194e3c496e9afc78a1e8981405d40f611bc

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks