General

  • Target

    19164b5af56afd167437689b1f0e63ceefe6e1fcc2bf95e525aa577abd2ac664

  • Size

    58KB

  • Sample

    220212-dektcsfbe8

  • MD5

    cc6f6370f00229f6e96bbb1519fd2b8d

  • SHA1

    dcf21102b54eb0f36e9b08fb41755fbc971b5868

  • SHA256

    19164b5af56afd167437689b1f0e63ceefe6e1fcc2bf95e525aa577abd2ac664

  • SHA512

    67bb1be4f312350a23fb047ad82b1d72cb09d1a63adf517513b763395f313296b1308e3e25661b2c8bb457e352acfe85a2a2ce15e93390ef04d8a0c13a53f112

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
