General

  • Target

    1751599e089000c4338d53a07a5fce3265409e8ecd3b3ad3950f38ff3b61ac2d

  • Size

    60KB

  • Sample

    220212-d4g4rshafl

  • MD5

    d07050c7f04bbc9cfe578cd75ebd2b96

  • SHA1

    2b3bf948e055e4e29ad9c7fe3703ca39b0bd3812

  • SHA256

    1751599e089000c4338d53a07a5fce3265409e8ecd3b3ad3950f38ff3b61ac2d

  • SHA512

    f0f1425f6482b0a2be98d2a7c617ba545ce4c046d20a8002b0c6432ba974ab692c01ec94c247bca877c14241cd2698a2b52be9ff857e3653874dd2c842672dce

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan used in targeted intrusions; it gives the operator remote control of the infected host, including running commands and transferring files.

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code (GeoID) configured for the user in the registry, typically under Control Panel\International\Geo. Malware commonly does this to geofence execution, i.e. to refuse to run in countries the operator wants to avoid.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
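
The behaviours listed above map to a handful of host-level detections. The following is an added example, not part of the sandbox report and not code from the Sakula sample: hypothetical Python rules run over constructed Sysmon-style events (the event shape, process IDs and file paths are all invented for illustration). It flags Run/RunOnce values that point into user-writable directories, reads of the user's Geo\Nation registry value by processes other than explorer.exe, execution or loading of files the sample itself dropped, and a cmd.exe child spawned to delete the parent's own image.

```python
"""Hypothetical detection rules for the behaviours in this report, run over
constructed Sysmon-style events. Nothing here is real telemetry."""
import re
from dataclasses import dataclass

# Registry locations the signatures refer to (assumed, typical paths).
RUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
GEO_KEY = r"\control panel\international\geo\nation"
# Directories an unprivileged user can write to; a Run entry pointing here is suspicious.
USER_WRITABLE = re.compile(
    r"^(c:\\users\\[^\\]+\\appdata|c:\\windows\\temp|c:\\programdata)\\", re.I)


@dataclass
class Event:
    """Simplified event: kind is reg_set / reg_read / file_create / proc_create / image_load.
    image is the acting process; target is the registry path, file path or child image;
    data is the registry value data or the command line."""
    kind: str
    pid: int
    image: str
    target: str = ""
    data: str = ""


def run_key_persistence(events):
    """Run/RunOnce values whose data points at a PE in a user-writable directory."""
    hits = []
    for e in events:
        if e.kind == "reg_set" and any(k in e.target.lower() for k in RUN_KEYS):
            exe = re.search(r'"?([a-z]:\\[^"]+?\.(?:exe|dll))', e.data, re.I)
            if exe and USER_WRITABLE.match(exe.group(1)):
                hits.append((e.pid, e.target, exe.group(1)))
    return hits


def geofence_checks(events):
    """Processes other than explorer.exe reading the configured country (GeoID)."""
    return [(e.pid, e.image) for e in events
            if e.kind == "reg_read" and GEO_KEY in e.target.lower()
            and not e.image.lower().endswith("\\explorer.exe")]


def executes_dropped_files(events):
    """A PE written by one process and later executed or loaded as a DLL."""
    created = {}
    for e in events:
        if e.kind == "file_create" and e.target.lower().endswith((".exe", ".dll")):
            created[e.target.lower()] = e.pid
    return [(created[e.target.lower()], e.kind, e.target) for e in events
            if e.kind in ("proc_create", "image_load") and e.target.lower() in created]


def self_deletion(events):
    """cmd.exe spawned with a 'del' of the parent's own image (a common self-delete)."""
    hits = []
    for e in events:
        if e.kind == "proc_create" and e.target.lower().endswith("\\cmd.exe"):
            m = re.search(r'\bdel\s+(?:/\w+\s+)*"?([^"\n]+?)"?\s*$', e.data, re.I)
            if m and m.group(1).lower() == e.image.lower():
                hits.append((e.pid, e.image))
    return hits


# Constructed events modelling the report's signature list plus two benign decoys.
SAMPLE = r"C:\Users\victim\Desktop\sample.exe"
DROP = r"C:\Users\victim\AppData\Local\Temp\drop.exe"
HELPER = r"C:\Users\victim\AppData\Local\Temp\helper.dll"
SAMPLE_EVENTS = [
    Event("file_create", 100, SAMPLE, DROP),
    Event("file_create", 100, SAMPLE, HELPER),
    Event("proc_create", 100, SAMPLE, DROP, '"' + DROP + '"'),
    Event("image_load", 101, DROP, HELPER),
    Event("reg_read", 101, DROP, r"HKCU\Control Panel\International\Geo\Nation"),
    Event("reg_set", 101, DROP,
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Update", '"' + DROP + '"'),
    Event("proc_create", 100, SAMPLE, r"C:\Windows\System32\cmd.exe",
          'cmd.exe /c ping 127.0.0.1 -n 3 & del "' + SAMPLE + '"'),
    # Benign: the shell reading the locale, and a vendor installer in Program Files.
    Event("reg_read", 5, r"C:\Windows\explorer.exe",
          r"HKCU\Control Panel\International\Geo\Nation"),
    Event("reg_set", 7, r"C:\Program Files\Vendor\setup.exe",
          r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Vendor",
          r'"C:\Program Files\Vendor\agent.exe"'),
]


def triage(events=SAMPLE_EVENTS):
    """Map each signature name from the report to the events that triggered it."""
    return {
        "Adds Run key to start application": run_key_persistence(events),
        "Checks computer location settings": geofence_checks(events),
        "Executes dropped EXE / Loads dropped DLL": executes_dropped_files(events),
        "Deletes itself": self_deletion(events),
    }


if __name__ == "__main__":
    for name, hits in triage().items():
        print(f"{name}: {hits}")
```

Run directly, the script prints the hits per signature; the two decoy events are not reported, which is the point of the user-writable-path and explorer.exe filters. The event shape is a deliberate simplification of Sysmon event IDs 1, 7, 11, 12 and 13; adapting the rules to real logs means feeding the same five fields from those events.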

MITRE ATT&CK Enterprise v6

Tasks