General

  • Target

    1825ba49aa1326ae4b233d1084b1df16828d0bba19491a3599eb46b30cd4c622

  • Size

    80KB

  • Sample

    220212-dsyblsfdb3

  • MD5

    7fed7c619c05b394f7c954c8e7527586

  • SHA1

    972fff94c657faba73bfe311326ff542ed5d7df5

  • SHA256

    1825ba49aa1326ae4b233d1084b1df16828d0bba19491a3599eb46b30cd4c622

  • SHA512

    61f84f26f46c7ca59c31da3516d666c53f0a5552129fd8ad1af11d677f16f30929a77d8f6bb5d8a2db72c144d59bc4a0de9b671d4f5ea55b3e948fb4b88d850c

Malware Config

Targets

    • Target

      1825ba49aa1326ae4b233d1084b1df16828d0bba19491a3599eb46b30cd4c622

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks