General

  • Target

    1048a0974f87b6801905be2b25b700345c0b2f3c14c47762ea64a66506a9f6e7

  • Size

    60KB

  • Sample

    220212-g3g9xsaeep

  • MD5

    04f5f791aa6a7c7d14ed92f4a08fc6b9

  • SHA1

    daeb8bf97356afa1760000e6f2700a9c20d1985e

  • SHA256

    1048a0974f87b6801905be2b25b700345c0b2f3c14c47762ea64a66506a9f6e7

  • SHA512

    cd6ffbf18cc011c5064ec9e0c023b986b8687e8d7996a6cb1ae6c8786d086e184119d51b995f51e4b534feec0cdb1ed9d2211c6b4412242053da0c5c904a5fa1

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
