General

  • Target

    1051d6bb2e98da0756633c32ce6a46b15a25b24d930bb32db8ea0e989bd54590

  • Size

    80KB

  • Sample

    220212-g25c3aaeel

  • MD5

    374d5f458de30250845a446671811850

  • SHA1

    79e8a29c67eaa10e2da63bfe947d918598239483

  • SHA256

    1051d6bb2e98da0756633c32ce6a46b15a25b24d930bb32db8ea0e989bd54590

  • SHA512

    665a1e0d70cc0ff7bff1de5c4882c5364b587c650dc85f7294353e5c245169c4146d88be836c43857f822031aa1b29504ae6c6e89dbaf3ba1a7359e43eb64696

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks