General

  • Target

    1054f86c3580ffd2fe441c3524efdb72fddb095a53606691efe6726923f5ad78

  • Size

    60KB

  • Sample

    220212-g23jgaghh8

  • MD5

    2aef95c276f66554cb99a380a5ed31b8

  • SHA1

    027be9c7a97a70c280aa0e820759610ad4b318cd

  • SHA256

    1054f86c3580ffd2fe441c3524efdb72fddb095a53606691efe6726923f5ad78

  • SHA512

    bf6987cf6f41a319d36d97f79b208df352085852c42b8c3fdb991946598773114980892380c581765fabc799848d22abb19315a910504f6ed605435cd8e44705

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
