Overview

overview

10

Static

static

10

7831cef81e...77.exe

windows7_x64

10

7831cef81e...77.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7831cef81e160ffdc6ca14155433f8044b29f235f2c5a2123d6389f6471c7e77

  • Size

    92KB

  • Sample

    220130-yx8y5ahhgl

  • MD5

    4315274a5eda74cd81a5ec44980876e8

  • SHA1

    4ea844bfa9d486cbeb065e83e0f835a06ab3cc6c

  • SHA256

    7831cef81e160ffdc6ca14155433f8044b29f235f2c5a2123d6389f6471c7e77

  • SHA512

    c715373a19373dc7af4f2b53cbc2a3972ba2caa5790f00031ed759f55077383dd4051765e4cab5db7027cc4dc27d609350d27ec144141d1341c15983bc71fdcd

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      7831cef81e160ffdc6ca14155433f8044b29f235f2c5a2123d6389f6471c7e77

    • Size

      92KB

    • MD5

      4315274a5eda74cd81a5ec44980876e8

    • SHA1

      4ea844bfa9d486cbeb065e83e0f835a06ab3cc6c

    • SHA256

      7831cef81e160ffdc6ca14155433f8044b29f235f2c5a2123d6389f6471c7e77

    • SHA512

      c715373a19373dc7af4f2b53cbc2a3972ba2caa5790f00031ed759f55077383dd4051765e4cab5db7027cc4dc27d609350d27ec144141d1341c15983bc71fdcd

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks