General

  • Target

    184f98ae48e0c9e46953de1eba24a411489b8c6a4d0c773662b6822a179c6619

  • Size

    80KB

  • Sample

    220212-dqr2tafch3

  • MD5

    cec64bcb7938bc0315467975841036a8

  • SHA1

    6ae33b649309cfb7800ec9ba73ded95355937a22

  • SHA256

    184f98ae48e0c9e46953de1eba24a411489b8c6a4d0c773662b6822a179c6619

  • SHA512

    70d7f023e9bc2e79c69c0eb9ca03a9154a2bf3a884e76b0d31bf8e3f12c5ac4753392587a65336f8f276783e46e6f382f516bd277c84ca9564b196f0d8fcfdff

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks