Overview

overview

10

Static

static

10

1350492f2d...91.exe

windows7_x64

10

1350492f2d...91.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1350492f2d0d41a02ddeb543dff407b1ae22d80c1cbc5a8a05a3004da8234791

  • Size

    101KB

  • Sample

    220212-fxca2shhhr

  • MD5

    246f70908d9e8ce74ae73d018ba30d43

  • SHA1

    f1016fd549f17d89af3c8bf088ceee34864e1a42

  • SHA256

    1350492f2d0d41a02ddeb543dff407b1ae22d80c1cbc5a8a05a3004da8234791

  • SHA512

    0331b0338dfcac541d6dbb1c3cfaefcda4076edf1351aefa8a9644f6ab09ed3aac49c3cac9adc260ae7d7a07f2461323358a4fdc3bb83473f7af13e51be6af28

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      1350492f2d0d41a02ddeb543dff407b1ae22d80c1cbc5a8a05a3004da8234791

    • Size

      101KB

    • MD5

      246f70908d9e8ce74ae73d018ba30d43

    • SHA1

      f1016fd549f17d89af3c8bf088ceee34864e1a42

    • SHA256

      1350492f2d0d41a02ddeb543dff407b1ae22d80c1cbc5a8a05a3004da8234791

    • SHA512

      0331b0338dfcac541d6dbb1c3cfaefcda4076edf1351aefa8a9644f6ab09ed3aac49c3cac9adc260ae7d7a07f2461323358a4fdc3bb83473f7af13e51be6af28

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks