Overview

overview

10

Static

static

10

1442b9ad22...60.exe

windows7_x64

10

1442b9ad22...60.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1442b9ad225e76be88804df9f5ae55681eee48ef73aa53250e290b2d43d82860

  • Size

    100KB

  • Sample

    220212-fgqhqshgbj

  • MD5

    dfa7ee82da68f8dba1d2f9f3bbefed38

  • SHA1

    af2b244a1150f89c7ef702305b2c63123eda7128

  • SHA256

    1442b9ad225e76be88804df9f5ae55681eee48ef73aa53250e290b2d43d82860

  • SHA512

    ef493f10453880a7caabf978382182437cba4a16c865c8fd9e1dde69c026569bef0720d3410f93b665b6f37fea66e143e2d22e673bc1d26f8fc063abb77198bc

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      1442b9ad225e76be88804df9f5ae55681eee48ef73aa53250e290b2d43d82860

    • Size

      100KB

    • MD5

      dfa7ee82da68f8dba1d2f9f3bbefed38

    • SHA1

      af2b244a1150f89c7ef702305b2c63123eda7128

    • SHA256

      1442b9ad225e76be88804df9f5ae55681eee48ef73aa53250e290b2d43d82860

    • SHA512

      ef493f10453880a7caabf978382182437cba4a16c865c8fd9e1dde69c026569bef0720d3410f93b665b6f37fea66e143e2d22e673bc1d26f8fc063abb77198bc

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks