General

  • Target

    104694573c63a19533aced1cd8e5c36f5cf847c4ebb3d63e4200115a90970b23

  • Size

    216KB

  • Sample

    220212-g3vj9ahaa8

  • MD5

    0135c0a649b962219ea07348e21994a3

  • SHA1

    b557fa3a5aace5d9a624165a6b14ab3e1128946b

  • SHA256

    104694573c63a19533aced1cd8e5c36f5cf847c4ebb3d63e4200115a90970b23

  • SHA512

    4d4d258cc16c9f4967930d16a45291bfdfbe08b9a7794722cede67b0acc3aa5ed46ca3d92bad0c5d244087c0ef633d52df451d54b1ced5c1149e249eec1a51bd

Targets

    • Target

      104694573c63a19533aced1cd8e5c36f5cf847c4ebb3d63e4200115a90970b23

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (the payload can refuse to run outside its intended region).

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
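
A small triage helper for the behaviours listed above, added here as an example (it is not part of the report or of any sandbox tooling). It verifies that a file on disk is the reported sample by checking all four digests, then flags three of the listed behaviours in sandbox event lines: a Run-key value pointing at an executable in a user-writable path (persistence for the dropped EXE), a read of the registry country code, and a cmd.exe one-liner that deletes the original file. The event line format, the sample events, the value name `updater` and the `HKCU\Control Panel\International\Geo\Nation` value as the location of the "country code configured in the registry" are assumptions for this example, not facts taken from the report.

```python
"""Triage helper for the behaviours listed in the report above.
Example code added to this page; not from the report or any sandbox project."""
import hashlib
import re

# Digests copied from the report above.
REPORTED_HASHES = {
    "md5": "0135c0a649b962219ea07348e21994a3",
    "sha1": "b557fa3a5aace5d9a624165a6b14ab3e1128946b",
    "sha256": "104694573c63a19533aced1cd8e5c36f5cf847c4ebb3d63e4200115a90970b23",
    "sha512": "4d4d258cc16c9f4967930d16a45291bfdfbe08b9a7794722cede67b0acc3aa5ed46ca3d92bad0c5d244087c0ef633d52df451d54b1ced5c1149e249eec1a51bd",
}


def digests(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of the given bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def is_reported_sample(data: bytes, reported: dict = REPORTED_HASHES) -> bool:
    """True only if every reported digest matches; one mismatch means a different file."""
    return digests(data) == reported


# Standard Windows autostart keys written by "Adds Run key to start application".
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.I)
# Assumed location of the registry country code (Geo\Nation); the report does not name the key.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
# Dropped payloads are typically launched from user-writable directories.
USER_WRITABLE_RE = re.compile(r"\\(Temp|AppData|ProgramData|Users\\[^\\]+\\Downloads)\\", re.I)
# Self-deletion via a shell one-liner that runs after the process exits.
SELF_DELETE_RE = re.compile(r"cmd(\.exe)?\s+/c\s+.*\bdel\b", re.I)


def triage_events(events) -> dict:
    """Classify pipe-separated event lines (assumed format):
    RegSetValue|key|value_name|data, RegQueryValue|key|value_name[|data], process|image|cmdline."""
    findings = {"run_key_persistence": [], "geo_lookup": [], "self_delete": []}
    for line in events:
        fields = line.split("|")
        op = fields[0].lower()
        if op == "regsetvalue" and len(fields) == 4:
            _, key, name, data = fields
            if RUN_KEY_RE.search(key) and USER_WRITABLE_RE.search(data):
                findings["run_key_persistence"].append((name, data))
        elif op == "regqueryvalue" and len(fields) >= 3:
            key, name = fields[1], fields[2]
            if GEO_KEY_RE.search(key) and name.lower() == "nation":
                findings["geo_lookup"].append(key + "\\" + name)
        elif op == "process" and len(fields) == 3:
            _, _image, cmdline = fields
            if SELF_DELETE_RE.search(cmdline):
                findings["self_delete"].append(cmdline)
    return findings


# Constructed sample events (not captured from the sandbox run in this report).
SAMPLE_EVENTS = [
    r"RegQueryValue|HKCU\Control Panel\International\Geo|Nation|244",
    r"RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run|updater|C:\Users\user\AppData\Local\Temp\updater.exe",
    r"RegSetValue|HKCU\Software\Vendor\App|InstallPath|C:\Program Files\Vendor\app.exe",
    r"process|C:\Windows\System32\cmd.exe|cmd.exe /c ping 127.0.0.1 -n 3 & del C:\Users\user\Desktop\sample.exe",
]

if __name__ == "__main__":
    for behaviour, hits in triage_events(SAMPLE_EVENTS).items():
        print(behaviour, hits)
```

Compare all four digests rather than MD5 alone: MD5 and SHA-1 collisions are practical, so a single matching weak digest is not proof that a file is the reported sample. The benign `InstallPath` write in the sample events is deliberately left unflagged because it is neither under a Run key nor in a user-writable path.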
