General

  • Target

    193552a0f08b0f8c7b421467fd2a0818967cc3fad1dc000037cd836603f2f175

  • Size

    79KB

  • Sample

    220212-ddal1afbd5

  • MD5

    038e392d80ae62fc914f5967f5028789

  • SHA1

    611c060111dfeb636753ebe353cf14d7b1879cc5

  • SHA256

    193552a0f08b0f8c7b421467fd2a0818967cc3fad1dc000037cd836603f2f175

  • SHA512

    08a893c2e8f8f3e10e5772f3916dea50c71547fb22ac8040ef7cc324f7ee074b8be54c412978eecbfc2dfd401972f6dff67f1b7cdc23a6b998923f56a34713c3

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
