General

  • Target

    151fcbf2990824333e4c42b9e81d614641078044b38cd290735f81e153644354

  • Size

    60KB

  • Sample

    220212-e7rytahehn

  • MD5

    df36f278f026a5e5b13c870a4f110fd4

  • SHA1

    78f352f7459625a867981dd87948b50b1b562cd4

  • SHA256

    151fcbf2990824333e4c42b9e81d614641078044b38cd290735f81e153644354

  • SHA512

    64f11ac6774268d2abf2c611117919ace680b6db34a4591952ec91b755525cddf4782e7dbebcbc0ef34eb69e14f3095ea62553bdf4d21b15f54ba7f64b2db8d0

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks