General

  • Target

    153b2f11b01b9c243690f9358829e3a837e848c9e6da608bd5d657e8622d9c58

  • Size

    58KB

  • Sample

    220212-e6am5sgad3

  • MD5

    92c2277ae52caea1ef5a8502b7b98484

  • SHA1

    db8334d3052b61929cdd77a47a4bb71618c1c9f0

  • SHA256

    153b2f11b01b9c243690f9358829e3a837e848c9e6da608bd5d657e8622d9c58

  • SHA512

    29e0c59c469adde1a9345acfc9e52d0bfbd27f8e7bd8497a89a6cfdd46f3a19f83137df396b70a93a23b93e827a7c10a3b95e348e07093576d32319c02a6f95f

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
