General

  • Target

    1900d9dd06550dbc660352dd3b612fffc0b8e416ac6ff6efb8e63290e11bddf6

  • Size

    92KB

  • Sample

    220212-de6e3afbf3

  • MD5

    028ffb4533db82668a3e530e66c1a47e

  • SHA1

    54f3136238f97437819073c6222f8784a5b51d2c

  • SHA256

    1900d9dd06550dbc660352dd3b612fffc0b8e416ac6ff6efb8e63290e11bddf6

  • SHA512

    1dc871238680f891ad4d0208fb87d3309b3f0489e5dce23b56013973470e4e0fa4e7c34aa1f29f3a55b39e461c3419dfa80ddd632b1d73d3c24ac1b7449096ba

Malware Config

Targets

    • Target

      1900d9dd06550dbc660352dd3b612fffc0b8e416ac6ff6efb8e63290e11bddf6


    • Sakula

      Sakula is a remote access trojan (RAT) with a range of backdoor capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
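
The signatures above are behaviour rules, so the practical follow-up is to reproduce them over host telemetry. The following is an added example, not part of the sandbox report or of Sakula itself: it scans registry and process events for the "Adds Run key to start application", "Checks computer location settings" and "Deletes itself" behaviours. The pipe-delimited event format and the sample lines are constructed for this example; the Run key and Geo\Nation registry paths are standard Windows locations, while the rule logic (including the assumption that processes under C:\Windows reading Geo\Nation are benign noise) is the example's own approximation of the sandbox signatures.

```python
import re
from typing import List, NamedTuple

# Constructed telemetry for the example, NOT output from the sandbox.
# Format: kind|acting process|registry path (or command line)|value written
SAMPLE_EVENTS = r"""
SetValue|C:\Users\user\AppData\Roaming\update.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroMedia|C:\Users\user\AppData\Roaming\update.exe
QueryValue|C:\Users\user\AppData\Roaming\update.exe|HKCU\Control Panel\International\Geo\Nation|
QueryValue|C:\Windows\explorer.exe|HKCU\Control Panel\International\Geo\Nation|
SetValue|C:\Windows\System32\svchost.exe|HKLM\SYSTEM\CurrentControlSet\Services\BITS\Start|2
Process|C:\Windows\System32\cmd.exe|cmd /c del "C:\Users\user\Desktop\sample.exe"|
"""


class Event(NamedTuple):
    kind: str      # SetValue | QueryValue | Process
    process: str   # image path of the acting process
    target: str    # registry path, or the command line for Process events
    detail: str    # value written (empty for reads and process events)


class Finding(NamedTuple):
    signature: str
    process: str
    evidence: str


# Persistence: any value written under HKCU/HKLM ...\CurrentVersion\Run or RunOnce
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# Geofence check: the user's configured country (GeoID) lives at this value
GEO_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# Self-delete: the usual "cmd /c del <own exe>" pattern (approximate, assumption)
SELF_DELETE_RE = re.compile(r"\bdel\b.*?\.exe", re.I)
# Assumption: Windows binaries read Geo\Nation legitimately, so they are ignored
TRUSTED_DIRS = ("c:\\windows\\",)


def parse_events(text: str) -> List[Event]:
    """Parse the pipe-delimited event lines into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, process, target, detail = line.split("|", 3)
        events.append(Event(kind, process, target, detail))
    return events


def is_trusted(process: str) -> bool:
    return process.lower().startswith(TRUSTED_DIRS)


def scan(events: List[Event]) -> List[Finding]:
    """Apply the three behaviour rules and return one Finding per hit."""
    findings = []
    for e in events:
        if e.kind == "SetValue" and RUN_KEY_RE.search(e.target):
            findings.append(Finding("Adds Run key to start application",
                                    e.process, f"{e.target} = {e.detail}"))
        elif e.kind == "QueryValue" and GEO_RE.search(e.target) and not is_trusted(e.process):
            findings.append(Finding("Checks computer location settings",
                                    e.process, e.target))
        elif e.kind == "Process" and SELF_DELETE_RE.search(e.target):
            findings.append(Finding("Deletes itself", e.process, e.target))
    return findings


if __name__ == "__main__":
    for f in scan(parse_events(SAMPLE_EVENTS)):
        print(f"[{f.signature}] {f.process}: {f.evidence}")
```

The location-settings rule is the one to treat with care: reading Geo\Nation is routine for shell and locale code, so on its own it is a weak signal, and here it only counts when combined with the actor being a non-system binary. The Run key write from a dropped executable in AppData is the strong indicator, and is what an analyst would pivot on first.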

MITRE ATT&CK Enterprise v6

Tasks