General

  • Target

    161a293788e047526a334e356a45526b0080ae02c636148b58c2cff76ef9504c

  • Size

    99KB

  • Sample

    220212-em5n6shchj

  • MD5

    5387427ffbb5606fc447eac19297871e

  • SHA1

    bb9f01ed43dfc125984678e122234062ead71420

  • SHA256

    161a293788e047526a334e356a45526b0080ae02c636148b58c2cff76ef9504c

  • SHA512

    78b6c60ce4ace6c3096351c89ad5bfbf3f6fc127a99b28756b09eed6e476e5ddd53e88a562f733fcd3e60a360950e379c877ef01586b27c4c1c59cde4178e680
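
The four digests above are the only indicators the report gives for this sample, so the first thing an analyst does with a file recovered from a host or a quarantine is recompute all of them and compare. The script below is an added example, not part of the original report or of the sandbox that produced it: it streams a file once through MD5, SHA1, SHA256 and SHA512 and matches the result against the report's values. The hash values are taken from the report; the function names, the single-pass hashing helper and the demo input are constructed for the example.

```python
"""Hash-based IOC check for the sample described in this report (added example)."""
import hashlib

# Digests exactly as listed in the report's General section.
REPORT_IOCS = {
    "md5": "5387427ffbb5606fc447eac19297871e",
    "sha1": "bb9f01ed43dfc125984678e122234062ead71420",
    "sha256": "161a293788e047526a334e356a45526b0080ae02c636148b58c2cff76ef9504c",
    "sha512": "78b6c60ce4ace6c3096351c89ad5bfbf3f6fc127a99b28756b09eed6e476e5dd"
              "d53e88a562f733fcd3e60a360950e379c877ef01586b27c4c1c59cde4178e680",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Return all four digests of an in-memory blob as lower-case hex."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def digest_file(path, chunk_size=1 << 20) -> dict:
    """Stream a file through all four hash objects in a single pass.

    Reading in chunks keeps memory flat for large samples; this one is 99KB,
    but the same helper is reused for multi-gigabyte disk images.
    """
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = REPORT_IOCS) -> dict:
    """Compare computed digests with the report; returns {algo: matched?}.

    Comparison is case-insensitive because IOC feeds mix upper and lower hex.
    Since the report lists four digests of one object, a partial match
    (for example MD5 only) points at a transcription error in an indicator,
    not at a different file, and is worth reporting rather than hiding.
    """
    return {a: digests.get(a, "").lower() == iocs[a].lower() for a in iocs}


def is_reported_sample(path) -> bool:
    """True only when every digest listed in the report matches the file."""
    return all(match_iocs(digest_file(path)).values())


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        d = digest_file(p)
        m = match_iocs(d)
        verdict = "MATCH" if all(m.values()) else "no match"
        if any(m.values()) and not all(m.values()):
            verdict = "PARTIAL (check indicator transcription)"
        print(f"{p}: sha256={d['sha256']} {verdict}")
```

Run it as `python ioc_check.py <file...>`; the exit is informational only, so wrap `is_reported_sample` in your own tooling if you need a non-zero exit on a match.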

Malware Config

Targets

    • Target

      161a293788e047526a334e356a45526b0080ae02c636148b58c2cff76ef9504c

    • Sakula

      Sakula is a remote access trojan (RAT).

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing (deciding whether to run based on the configured locale).

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
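
The five behavioural signatures above describe a short, recognisable chain: read the locale from the registry, drop and run a second executable, load a dropped DLL from it, persist through a Run key, and remove the original file. The script below is an added example, not part of the original report or of the sandbox's own rule set: it re-implements each signature as a rule over a simplified process/file/registry trace so the same logic can be run over EDR or sandbox output. The event schema, rule thresholds, sample trace and file names (other than the report's SHA256, used as the sample's file name) are constructed for the example; the Run-key and `Control Panel\International` registry paths are the standard Windows locations, but the report does not state which API calls its signatures matched, so the self-deletion rule assumes the common `cmd.exe /c del` pattern.

```python
"""Behavioural triage rules for the signatures in this report (added example)."""
from collections import defaultdict

RUN_KEY = r"\microsoft\windows\currentversion\run"
INTL_KEY = r"\control panel\international"
# Locale values a geofence check typically reads (assumption; not from the report).
COUNTRY_VALUES = {"scountry", "icountry", "localename", "slocale"}


def _n(s: str) -> str:
    """Normalise paths/keys for comparison (Windows is case-insensitive)."""
    return s.lower()


def detect(events):
    """Return {signature_name: [evidence, ...]} for every rule that fired.

    Each event is a dict with:
      op    : 'proc_create' | 'file_write' | 'image_load' | 'reg_set' | 'reg_query'
      pid   : acting process id
      image : image path of the acting (parent) process
      path  : file written / image loaded / child image (op-specific)
      cmdline (proc_create), key + value (reg_set / reg_query)
    """
    hits = defaultdict(list)
    dropped = set()  # files written earlier in this trace
    for e in events:
        op = e["op"]
        if op == "file_write":
            dropped.add(_n(e["path"]))
        elif op == "proc_create":
            child = _n(e["path"])
            cmd = _n(e.get("cmdline", ""))
            if child in dropped:
                hits["Executes dropped EXE"].append(e["path"])
            # Self-deletion: parent spawns cmd.exe to delete its own image
            # (assumed pattern; the report does not name the mechanism).
            if child.endswith(r"\cmd.exe") and " del " in cmd and _n(e["image"]) in cmd:
                hits["Deletes itself"].append(e["cmdline"])
        elif op == "image_load":
            if _n(e["path"]).endswith(".dll") and _n(e["path"]) in dropped:
                hits["Loads dropped DLL"].append(e["path"])
        elif op == "reg_set":
            if RUN_KEY in _n(e["key"]):
                hits["Adds Run key to start application"].append(e["key"] + "\\" + e["value"])
        elif op == "reg_query":
            if INTL_KEY in _n(e["key"]) and _n(e["value"]) in COUNTRY_VALUES:
                hits["Checks computer location settings"].append(e["value"])
    return dict(hits)


def verdict(events):
    """Sorted list of fired signature names; empty for a clean trace."""
    return sorted(detect(events))


# Constructed trace reproducing the chain the report lists. File names other
# than the sample's SHA256 are made up for the example.
SAMPLE = r"C:\Users\victim\Downloads\161a293788e047526a334e356a45526b0080ae02c636148b58c2cff76ef9504c.exe"
DROPPED_EXE = r"C:\ProgramData\MediaCenter\MediaCenter.exe"
DROPPED_DLL = r"C:\ProgramData\MediaCenter\netutil.dll"
SAMPLE_TRACE = [
    {"op": "reg_query", "pid": 100, "image": SAMPLE, "key": r"HKCU\Control Panel\International", "value": "sCountry"},
    {"op": "file_write", "pid": 100, "image": SAMPLE, "path": DROPPED_EXE},
    {"op": "file_write", "pid": 100, "image": SAMPLE, "path": DROPPED_DLL},
    {"op": "proc_create", "pid": 100, "image": SAMPLE, "path": DROPPED_EXE, "cmdline": DROPPED_EXE},
    {"op": "image_load", "pid": 204, "image": DROPPED_EXE, "path": DROPPED_DLL},
    {"op": "reg_set", "pid": 204, "image": DROPPED_EXE,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "MediaCenter"},
    {"op": "proc_create", "pid": 100, "image": SAMPLE, "path": r"C:\Windows\System32\cmd.exe",
     "cmdline": f'cmd.exe /c ping 127.0.0.1 -n 3 & del "{SAMPLE}"'},
]

# Constructed benign trace: a text editor reading a date format and saving a file.
EDITOR = r"C:\Windows\System32\notepad.exe"
BENIGN_TRACE = [
    {"op": "reg_query", "pid": 300, "image": EDITOR, "key": r"HKCU\Control Panel\International", "value": "sShortDate"},
    {"op": "file_write", "pid": 300, "image": EDITOR, "path": r"C:\Users\victim\notes.txt"},
    {"op": "proc_create", "pid": 300, "image": EDITOR, "path": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c dir"},
]

if __name__ == "__main__":
    for name, trace in (("sample", SAMPLE_TRACE), ("benign", BENIGN_TRACE)):
        print(name, verdict(trace))
```

The rules deliberately key on relationships (a process started from a path that was written earlier in the same trace, a `del` whose argument is the parent's own image) rather than on file names, so renaming the dropper does not evade them; the locale query alone is noisy on its own and is only meaningful in combination with the rest of the chain.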

MITRE ATT&CK Enterprise v6

Tasks