General

  • Target

    1643e022000a980fc4198771af41bb14fd480a5d146d95a9bdb6c92952a29e85

  • Size

    191KB

  • Sample

    220212-elk85shcfk

  • MD5

    49be17cf09c28c734884fb8dc73fa3b4

  • SHA1

    052dfe75c8f4df9feed2e6c6f0be112f9862da5e

  • SHA256

    1643e022000a980fc4198771af41bb14fd480a5d146d95a9bdb6c92952a29e85

  • SHA512

    7d634987060fd72dc7a03f034a3ac7e3552cb752edf017a37757a21f8590ba98b538572bb96ba4d8b8e7267bec9f2574645aefa849ff5c92c8e76e084fca92a8

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks