General

  • Target: 104a154b5a51b73a7677b578cf572a3bd548dff8bda1f904dcfeb96edfc80576
  • Size: 36KB
  • Sample: 220212-g3bgdahaa4
  • MD5: 330b0b314049b71af71e25078f6c345b
  • SHA1: 56f34dd1fccb161df6a47b4b1baf5f0fe215bce7
  • SHA256: 104a154b5a51b73a7677b578cf572a3bd548dff8bda1f904dcfeb96edfc80576
  • SHA512: 6c3e4578d28eee2feab141351e0c6db1211fc030eb12e3a4275528e226e33573f7d54d7958e69561df248e7d4a49d3a41f7fb37fcaca59118f6b8552db051ab3

Malware Config

Targets

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Executes dropped EXE
    • Checks computer location settings: Looks up country code configured in the registry, likely geofence.
    • Deletes itself
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks