Overview

overview

10

Static

static

10

34539aa85f...1c.exe

windows7_x64

10

34539aa85f...1c.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    34539aa85fcdbd8169a9648c63b7cbc74f4bc0ca7881fd2e03ef7fe1281d0c1c

  • Size

    89KB

  • Sample

    220130-yzspxsafg4

  • MD5

    4297e98e6d7ea326dee3d13e53aa8d70

  • SHA1

    58048d8322e3648d6a3ece2ec9038d438c687710

  • SHA256

    34539aa85fcdbd8169a9648c63b7cbc74f4bc0ca7881fd2e03ef7fe1281d0c1c

  • SHA512

    4d312269a502d664e82683d9cc54dc9a5cc080223af8bd3c3c17981008dcbc2a53499a30d69a55dc0dbe2e86d6877b8c04e701bacfe0df1d95c83799952aa130

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      34539aa85fcdbd8169a9648c63b7cbc74f4bc0ca7881fd2e03ef7fe1281d0c1c

    • Size

      89KB

    • MD5

      4297e98e6d7ea326dee3d13e53aa8d70

    • SHA1

      58048d8322e3648d6a3ece2ec9038d438c687710

    • SHA256

      34539aa85fcdbd8169a9648c63b7cbc74f4bc0ca7881fd2e03ef7fe1281d0c1c

    • SHA512

      4d312269a502d664e82683d9cc54dc9a5cc080223af8bd3c3c17981008dcbc2a53499a30d69a55dc0dbe2e86d6877b8c04e701bacfe0df1d95c83799952aa130

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks