Overview

overview

10

Static

static

10

3926f6c04f...46.exe

windows7_x64

10

3926f6c04f...46.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3926f6c04f2e3108a552f0c22c67a718f246a069b3207d6e4e1f64557de45746

  • Size

    89KB

  • Sample

    220122-bvv8xsggh5

  • MD5

    97a6e9e93bc591baf588bada61559d6a

  • SHA1

    4f7236e2160cd9a8e9d3b326874b32a3cdf4273a

  • SHA256

    3926f6c04f2e3108a552f0c22c67a718f246a069b3207d6e4e1f64557de45746

  • SHA512

    ef4ee2624ac586ffd9aecfd9e9b9e889106854405914e4de687431487a41c8d09a913660035c33cd8595973fa6e1376adda0658ba7122a9e142823aa4c2d4942

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      3926f6c04f2e3108a552f0c22c67a718f246a069b3207d6e4e1f64557de45746

    • Size

      89KB

    • MD5

      97a6e9e93bc591baf588bada61559d6a

    • SHA1

      4f7236e2160cd9a8e9d3b326874b32a3cdf4273a

    • SHA256

      3926f6c04f2e3108a552f0c22c67a718f246a069b3207d6e4e1f64557de45746

    • SHA512

      ef4ee2624ac586ffd9aecfd9e9b9e889106854405914e4de687431487a41c8d09a913660035c33cd8595973fa6e1376adda0658ba7122a9e142823aa4c2d4942

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks