Overview

overview

10

Static

static

10

641b225c69...ec.exe

windows7_x64

10

641b225c69...ec.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    641b225c6954c05482069a7b808b24ab8c9dc8c95790d8cf8f4c63d9ebbd6fec

  • Size

    290KB

  • Sample

    220130-xy8t3shahr

  • MD5

    4f545dff49f81d08736a782751450f71

  • SHA1

    ad82ab937e28a6ddba4a837684185255b26d35ab

  • SHA256

    641b225c6954c05482069a7b808b24ab8c9dc8c95790d8cf8f4c63d9ebbd6fec

  • SHA512

    b62d97e2c8e189020d2d736e449bf1d148b4f97e4f0f16141fcc78a37f5148d75cf5929e1da43492660f9c10261f180dd6af1dfd407470c171ef7faced7d1fb2

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      641b225c6954c05482069a7b808b24ab8c9dc8c95790d8cf8f4c63d9ebbd6fec

    • Size

      290KB

    • MD5

      4f545dff49f81d08736a782751450f71

    • SHA1

      ad82ab937e28a6ddba4a837684185255b26d35ab

    • SHA256

      641b225c6954c05482069a7b808b24ab8c9dc8c95790d8cf8f4c63d9ebbd6fec

    • SHA512

      b62d97e2c8e189020d2d736e449bf1d148b4f97e4f0f16141fcc78a37f5148d75cf5929e1da43492660f9c10261f180dd6af1dfd407470c171ef7faced7d1fb2

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks