General

  • Target

    1649670fb8188eecbfa255fa03232dc7cf0ddb2398904c56488cc9b9311b638a

  • Size

    58KB

  • Sample

    220212-ek9v4sfgd3

  • MD5

    7eba05d5dce071d2b50dd0e8c8e65633

  • SHA1

    bbad64341e78fa0692fe944bef2775d4fdc3ab83

  • SHA256

    1649670fb8188eecbfa255fa03232dc7cf0ddb2398904c56488cc9b9311b638a

  • SHA512

    adab37f0893738ee5015a3791b179b0162352b0287edc458667149089324c1ea9e1938eff18c487e5b41e33807b266e144a3754b385b72095302a5d38eb999e2

Targets

    • Target

      1649670fb8188eecbfa255fa03232dc7cf0ddb2398904c56488cc9b9311b638a

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
