General

  • Target

    10575719341df64fbebf8ed8652195073a2a508a603a623b3f1791d90e15e775

  • Size

    192KB

  • Sample

    220212-g21d4sghh7

  • MD5

    9b83026e0a57e417ce735fcf3ad9ffe0

  • SHA1

    a99ea987805d69d042451e826384ffc242e57558

  • SHA256

    10575719341df64fbebf8ed8652195073a2a508a603a623b3f1791d90e15e775

  • SHA512

    82b63b673861fc7dac25e555cac1700c17fee4036c6cb1fe3a80ee4600a7589b375496394fad5db45d99b537b751e9bddf28099b4f3f1868231114af30ad8724

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks