General

  • Target: 194d53a645d6edab68c3b2297182ee11db1665a506057214aa22f460cd5a109a
  • Size: 100KB
  • Sample: 220212-db7tqagfeq
  • MD5: c460a53dd4cd9fb2147cc746891de6ac
  • SHA1: 0d68dafc57929b97f7b1c3745154ca8aa8993836
  • SHA256: 194d53a645d6edab68c3b2297182ee11db1665a506057214aa22f460cd5a109a
  • SHA512: 9e0e2c68c5b556d142aae1e1dbe09f8ec091b1101590a26df78f29182574233eeeff18473d184e1389528b79111daea55275cf60753e8e72dcf62a200053252e

Malware Config

Targets

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Sakula Payload
    • Executes dropped EXE
    • Checks computer location settings: Looks up country code configured in the registry, likely geofence.
    • Deletes itself
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks