General

  • Target

    10052cc4eca4a85ac9877c64b50759af21609eb9dc834ea314217ef5caf88c43

  • Size

    58KB

  • Sample

    220212-g7cv1ahae6

  • MD5

    1815538e82c72dc5c2dbe7744f7deceb

  • SHA1

    59a16a90b5ed24926fc3fbd03a99befab2899df0

  • SHA256

    10052cc4eca4a85ac9877c64b50759af21609eb9dc834ea314217ef5caf88c43

  • SHA512

    269700fd270e15215a4b20768d5840eed7aba6d7a27d5ac459cbeae363162dde2486a66f646b9d577757ae10dbbab030759a9f31148f1d52df6b2ba0082c4ed9

Targets

    • Target

      10052cc4eca4a85ac9877c64b50759af21609eb9dc834ea314217ef5caf88c43

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
