General

  • Target

    185c4ca5b5d7a2f8c46c5edc0be69ea7162215011f9f45575c011098afcbfd9e

  • Size

    60KB

  • Sample

    220212-dp89psghap

  • MD5

    48e8723f537bcc52cd6a3e6a122551b2

  • SHA1

    19da584170b3b811785cf75455e7fddfc10bb0ef

  • SHA256

    185c4ca5b5d7a2f8c46c5edc0be69ea7162215011f9f45575c011098afcbfd9e

  • SHA512

    62821e1698cd77741ab379686d6eb50b5663adeed5583869d078242e577d3e58217cb5d9fa28972e8550efda56332bd2b0b98901d0a5696a5cb3ae2fb1e42653

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
