General

  • Target

    1445be0c4e16f10b021e3ac78edcfeff5783b43a875df38db7c03257228b054a

  • Size

    60KB

  • Sample

    220212-fgnn5shgar

  • MD5

    b0d7b7939f6a8651a58c7b378d7ce19e

  • SHA1

    5de580f15b534834f11245223cbff32214f5e57d

  • SHA256

    1445be0c4e16f10b021e3ac78edcfeff5783b43a875df38db7c03257228b054a

  • SHA512

    820eb9602a1021455ec6614793253d0e369f2171c34e3312b6931cd0a81db08a152a797732574c409a54061d631354e7430feab80ba8164698777cc630cb2854

Targets

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan that has been used in targeted intrusions; it typically downloads and executes additional payloads and runs operator commands on the infected host. The behaviours listed below (dropping and executing components, a locale check, self-deletion and a Run-key entry) are consistent with that family.

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry (the user's location setting under HKCU\Control Panel\International\Geo, where the Nation value holds the GeoID). Malware commonly uses this value as a geofence to run only in, or avoid running in, chosen regions; a sample that exits early in the sandbox may be refusing the sandbox's locale rather than being inert.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a value under Software\Microsoft\Windows\CurrentVersion\Run so the dropped executable is relaunched at logon. When hunting, check both HKCU and HKLM and the RunOnce key as well.
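A detection pass over a process trace for the five behaviours above, as an added example that is not part of the sandbox report and not the sample's own code. The pipe-separated event format, the process IDs, the file names (updater.exe, helper.dll) and the Run value name (Updater) are constructed for this example; the registry locations used by the rules (HKCU\Control Panel\International\Geo\Nation for the locale check, ...\CurrentVersion\Run and RunOnce for logon persistence) are the standard Windows ones. Each rule records the event that triggered it so an analyst can pivot from the verdict back to the evidence.

```python
"""Flag the sandbox-reported behaviours in a simplified, Sysmon-like trace.

Added example; the trace format (pid|ppid|image|event|detail) and the events
below are constructed and are not a capture of the real sample.
"""
import re
from typing import Dict, List

# Constructed trace, not real sandbox output. Paths and names are placeholders.
SAMPLE_TRACE = r"""
1000|800|C:\Users\victim\Desktop\sample.exe|ProcessCreate|C:\Users\victim\Desktop\sample.exe
1000|800|C:\Users\victim\Desktop\sample.exe|RegQuery|HKCU\Control Panel\International\Geo\Nation
1000|800|C:\Users\victim\Desktop\sample.exe|FileCreate|C:\Users\victim\AppData\Local\Temp\updater.exe
1000|800|C:\Users\victim\Desktop\sample.exe|FileCreate|C:\Users\victim\AppData\Local\Temp\helper.dll
1001|1000|C:\Users\victim\AppData\Local\Temp\updater.exe|ProcessCreate|C:\Users\victim\AppData\Local\Temp\updater.exe
1001|1000|C:\Users\victim\AppData\Local\Temp\updater.exe|ImageLoad|C:\Users\victim\AppData\Local\Temp\helper.dll
1001|1000|C:\Users\victim\AppData\Local\Temp\updater.exe|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater = C:\Users\victim\AppData\Local\Temp\updater.exe
1002|1000|C:\Windows\System32\cmd.exe|ProcessCreate|cmd.exe /c ping 127.0.0.1 -n 3 & del "C:\Users\victim\Desktop\sample.exe"
"""

# Nation under HKCU\Control Panel\International\Geo holds the configured GeoID;
# reading it is the "computer location" check the report flags.
GEO_NATION_RE = re.compile(r"\\International\\Geo\\Nation$", re.IGNORECASE)
# Logon persistence under Run or RunOnce, in either hive.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# cmd.exe builtin used by the common "ping ... & del <self>" self-removal batch.
DEL_RE = re.compile(r"\bdel\b", re.IGNORECASE)


def parse_trace(text: str) -> List[dict]:
    """Parse pid|ppid|image|event|detail lines into event dicts (in trace order)."""
    events = []
    for line in text.strip().splitlines():
        pid, ppid, image, event, detail = line.split("|", 4)
        events.append({"pid": int(pid), "ppid": int(ppid), "image": image,
                       "event": event, "detail": detail})
    return events


def detect(events: List[dict]) -> Dict[str, List[str]]:
    """Return {rule_name: [evidence, ...]} for every behaviour seen in the trace."""
    hits: Dict[str, List[str]] = {}
    dropped = set()        # lower-cased paths written by any traced process
    image_of = {}          # pid -> image path, from the first event of that pid

    def add(rule: str, evidence: str) -> None:
        hits.setdefault(rule, []).append(evidence)

    for ev in events:
        image_of.setdefault(ev["pid"], ev["image"])
        kind, detail = ev["event"], ev["detail"]
        d_lower = detail.lower()
        if kind == "FileCreate":
            dropped.add(d_lower)                       # remember for later exec/load
        elif kind == "RegQuery" and GEO_NATION_RE.search(detail):
            add("checks_computer_location", f"pid {ev['pid']} read {detail}")
        elif kind == "RegSetValue" and RUN_KEY_RE.search(detail):
            add("adds_run_key", f"pid {ev['pid']} set {detail}")
        elif kind == "ProcessCreate":
            if ev["image"].lower() in dropped:
                add("executes_dropped_exe", f"pid {ev['pid']} ran {ev['image']}")
            # Self-deletion via a child shell: command line deletes the parent's image.
            parent_image = image_of.get(ev["ppid"])
            if parent_image and DEL_RE.search(detail) and parent_image.lower() in d_lower:
                add("deletes_itself", f"pid {ev['ppid']} removed via child: {detail}")
        elif kind == "ImageLoad" and d_lower in dropped:
            add("loads_dropped_dll", f"pid {ev['pid']} loaded {detail}")
        elif kind == "FileDelete" and d_lower == ev["image"].lower():
            add("deletes_itself", f"pid {ev['pid']} deleted its own image {detail}")
    return hits


if __name__ == "__main__":
    for rule, evidence in detect(parse_trace(SAMPLE_TRACE)).items():
        print(rule)
        for line in evidence:
            print("   ", line)
```

The dropped-file set is keyed on the lower-cased path because Windows paths are case-insensitive; the self-delete rule deliberately requires the parent's own image path in the child's command line, so a benign cleanup of a temp file does not trigger it.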

MITRE ATT&CK Enterprise v6