General

  • Target

    10513915fb034803d53e8406800074799527206cf504bcf8034a5804c3b336c1

  • Size

    99KB

  • Sample

    220212-g27hesaeem

  • MD5

    6be173a143ea8e2724c54d7d789efbe1

  • SHA1

    ee48b3bcb4458e29db33b2ac02180f195eb93ac1

  • SHA256

    10513915fb034803d53e8406800074799527206cf504bcf8034a5804c3b336c1

  • SHA512

    1933b402c1a23322005c3ae7b55f609605334f8d3b60ef3ba77acbb927999994bbc1f8f4677fed21a75f5a3fb3cb9ed94171a9aa3b9fd8927b123c824dfc2dd4

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks