Overview

overview

10

Static

static

10

8a955b35c8...78.exe

windows7_x64

10

8a955b35c8...78.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8a955b35c86e3bfc05ca6654723179d766ad6960ecb8e768abd1f56c24102d78

  • Size

    89KB

  • Sample

    220130-ydvmdsabh2

  • MD5

    492c59bddbcbe7cbd2f932655181fb08

  • SHA1

    93229172020b93a506549d505148b5c9e80d643b

  • SHA256

    8a955b35c86e3bfc05ca6654723179d766ad6960ecb8e768abd1f56c24102d78

  • SHA512

    03591f35373f1a42fd2db8bd6da119e1cb06118820ee4113f23458b6efad30580427688b3af43657b51b74b7411c72245188a6e77cbc72b6a6782c73d94a50e3

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      8a955b35c86e3bfc05ca6654723179d766ad6960ecb8e768abd1f56c24102d78

    • Size

      89KB

    • MD5

      492c59bddbcbe7cbd2f932655181fb08

    • SHA1

      93229172020b93a506549d505148b5c9e80d643b

    • SHA256

      8a955b35c86e3bfc05ca6654723179d766ad6960ecb8e768abd1f56c24102d78

    • SHA512

      03591f35373f1a42fd2db8bd6da119e1cb06118820ee4113f23458b6efad30580427688b3af43657b51b74b7411c72245188a6e77cbc72b6a6782c73d94a50e3

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks