Overview

overview

10

Static

static

10

f38854bf5b...74.exe

windows7_x64

10

f38854bf5b...74.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f38854bf5b682606ca04e03bc0fafc04554d74b926c234a5521e9e90f2809c74

  • Size

    89KB

  • Sample

    220130-yldzlsadb8

  • MD5

    470e8dd406407b50483ce40de46660af

  • SHA1

    36031722ac4914339508105bc92a7b3c947f72f5

  • SHA256

    f38854bf5b682606ca04e03bc0fafc04554d74b926c234a5521e9e90f2809c74

  • SHA512

    1d42101f6802a3ae886140a2ca3a135b58f5d818cb31fb5eac2558189021cdd72cf5156b2d1f2c2184d7b0086cff96b4cf1330064d3717c68fa273f6e62f2146

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      f38854bf5b682606ca04e03bc0fafc04554d74b926c234a5521e9e90f2809c74

    • Size

      89KB

    • MD5

      470e8dd406407b50483ce40de46660af

    • SHA1

      36031722ac4914339508105bc92a7b3c947f72f5

    • SHA256

      f38854bf5b682606ca04e03bc0fafc04554d74b926c234a5521e9e90f2809c74

    • SHA512

      1d42101f6802a3ae886140a2ca3a135b58f5d818cb31fb5eac2558189021cdd72cf5156b2d1f2c2184d7b0086cff96b4cf1330064d3717c68fa273f6e62f2146

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks