General

  • Target

    106cff2f0600524e83e35a39f054107c1e979b6476430d954aa284bca9fb380b

  • Size

    36KB

  • Sample

    220212-g173kaaedn

  • MD5

    baac3d7e38f0cea6b00a3a40899c15a0

  • SHA1

    c589f16cd750c6849aed592278e2c2ca9f8ddaae

  • SHA256

    106cff2f0600524e83e35a39f054107c1e979b6476430d954aa284bca9fb380b

  • SHA512

    a791324216d3df83186cc4bacfa290d0e7180812a118d95859f80a647eef61a9edb95417665478356f065f136428a977b06ff7046c77925fb9e69299d3f316ac

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
