General

  • Target

    11d621ba722c37196f8442b72bf1b1e84dc1fdf606d522937e140e239037a14b

  • Size

    60KB

  • Sample

    220212-ge6ydagfb3

  • MD5

    7a5421c76ad30373e95e9fbc305690f3

  • SHA1

    53f7f7232b987067bfc2a6e4e9bbe1244d4393bd

  • SHA256

    11d621ba722c37196f8442b72bf1b1e84dc1fdf606d522937e140e239037a14b

  • SHA512

    3c74bb68d05abb818cc7905b2267b667c4acc7f5b48c393bc8b7550642d50716d054310b41badaea9d10cd87f6f187de5bb623efc7cbadb26d00a24433e90685

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks