General

  • Target

    179803fb0d8173f0d357ece19dcd452dab753a625f92eff6074cfa47aa2592a7

  • Size

    35KB

  • Sample

    220212-dz43qsfdh4

  • MD5

    468d1a722a8397055a15efe0f75f0890

  • SHA1

    40b981d35979e347633f2d89e66d22a538d3a07b

  • SHA256

    179803fb0d8173f0d357ece19dcd452dab753a625f92eff6074cfa47aa2592a7

  • SHA512

    61f8512b8cb166ab82b6fa1541f169073308a747670ca9ab142719754f5f82425516fa1842312c3c657008bb461fd7951e9eda6b84398cc0645a78f5b2c0becf

Targets

    • Target

      179803fb0d8173f0d357ece19dcd452dab753a625f92eff6074cfa47aa2592a7

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
