Overview

overview

10

Static

static

10

1920998df6...6d.exe

windows7_x64

10

1920998df6...6d.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1920998df65bf1dbf37434e394feb8fa29c8b786496463f4b0bad0229b87fa6d

  • Size

    99KB

  • Sample

    220212-dd219afbe2

  • MD5

    ba02812316eb6ea7c4ba1af31d83b63d

  • SHA1

    3fc85f3b9b267b00fea32996cf4b46e45167bd7e

  • SHA256

    1920998df65bf1dbf37434e394feb8fa29c8b786496463f4b0bad0229b87fa6d

  • SHA512

    f41a49d2cc39fd63b1b54417da2fe18514db6f7758102c2093be045f1f2135ed3ae08e02637ee14525d95aabbacdaaef48a3f950def8f4eedf3817616cccfc7f

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      1920998df65bf1dbf37434e394feb8fa29c8b786496463f4b0bad0229b87fa6d

    • Size

      99KB

    • MD5

      ba02812316eb6ea7c4ba1af31d83b63d

    • SHA1

      3fc85f3b9b267b00fea32996cf4b46e45167bd7e

    • SHA256

      1920998df65bf1dbf37434e394feb8fa29c8b786496463f4b0bad0229b87fa6d

    • SHA512

      f41a49d2cc39fd63b1b54417da2fe18514db6f7758102c2093be045f1f2135ed3ae08e02637ee14525d95aabbacdaaef48a3f950def8f4eedf3817616cccfc7f

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks