General

  • Target

    191a2a071bc78df87bd7e06c8ca127d19ddd1842a813b7c34571b070cda92698

  • Size

    60KB

  • Sample

    220212-defjmsgfhj

  • MD5

    84cdb866209916725e29b5c34d7071c6

  • SHA1

    98f2cd7e1da19716c519c8be3c6200ed4d61eff9

  • SHA256

    191a2a071bc78df87bd7e06c8ca127d19ddd1842a813b7c34571b070cda92698

  • SHA512

    cf6b6fef2a2068a35544ce20a501770302a169baa5c4dcf6603c828e6861d810a3799f083a35826f61fda78f25d88b3bbfb974725a80b6ed8b58cd169f8a6e88

Targets

    • Target

      191a2a071bc78df87bd7e06c8ca127d19ddd1842a813b7c34571b070cda92698

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
