General

  • Target

    1021c155b561d64e142af32a9589260a5d25afc95653b9ded156bdfb04a12c24

  • Size

    35KB

  • Sample

    220212-g5s47shac7

  • MD5

    b0485d4ea0bf57669f73eb699b243802

  • SHA1

    1c80bc5a4c8457bede6ce6ebbf0d797d51878a3a

  • SHA256

    1021c155b561d64e142af32a9589260a5d25afc95653b9ded156bdfb04a12c24

  • SHA512

    a021c92a03ecea396371e322131eaa6eb9e1572020e165f0da4a1ce5a72d563f0cd69886a8aa8c76f0f06f475d0ac9efc38adb0a4925633bba5631ee6f6e0a52

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
