General

  • Target

    1779a45c3cc90c9c515d645abbca529650214ac888caa40b9695f976f9dfd1cc

  • Size

    60KB

  • Sample

    220212-d2n5ashadr

  • MD5

    8ea0f0ad7c354d457e70cabee06aceba

  • SHA1

    7debb9d5f9071bf4d74308a2bd832c86c2dcfe96

  • SHA256

    1779a45c3cc90c9c515d645abbca529650214ac888caa40b9695f976f9dfd1cc

  • SHA512

    873ac1aa8b9bc5bf9f3f016d32e092e48551c8d3e1a9544c6420674393b430e5a2f1757a1607aa9c694143b5ae72930f5a2d6f660c56ccfec7c588f78fe30ea1

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
