Overview

overview

10

Static

static

169759295a...40.exe

windows7_x64

10

169759295a...40.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    169759295ac856aa8e58f34ab39ba24db62b4fedab45c94b50cacc1b852d4b40

  • Size

    58KB

  • Sample

    220212-efpdlsfff9

  • MD5

    85f13a9639348c634260b2bc34b0028d

  • SHA1

    b3b44896eb2537b69025f6f96337279ed0ea6858

  • SHA256

    169759295ac856aa8e58f34ab39ba24db62b4fedab45c94b50cacc1b852d4b40

  • SHA512

    74409a328a59f8e2aadd2ea2a9d6b78e14b132e206f9a927397dbd39a4451dc4e4c57c14f8355416a6c661035df2d22c2d865c960ed05f0f6c90ebca28dcb3f6

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      169759295ac856aa8e58f34ab39ba24db62b4fedab45c94b50cacc1b852d4b40

    • Size

      58KB

    • MD5

      85f13a9639348c634260b2bc34b0028d

    • SHA1

      b3b44896eb2537b69025f6f96337279ed0ea6858

    • SHA256

      169759295ac856aa8e58f34ab39ba24db62b4fedab45c94b50cacc1b852d4b40

    • SHA512

      74409a328a59f8e2aadd2ea2a9d6b78e14b132e206f9a927397dbd39a4451dc4e4c57c14f8355416a6c661035df2d22c2d865c960ed05f0f6c90ebca28dcb3f6

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks