General

  • Target

    11d59232d743ac8dfe3b56c823df617d9fd8ab828b84ff8b438ec01a5da46893

  • Size

    101KB

  • Sample

    220212-gfaxbsgfb5

  • MD5

    e569745fdd0c6c68f154571598cb0ffd

  • SHA1

    a8883fc1f2fa8b82232f275e0979f7ba8208dcf8

  • SHA256

    11d59232d743ac8dfe3b56c823df617d9fd8ab828b84ff8b438ec01a5da46893

  • SHA512

    724e7a19c545aadf878fab537775b127da0e83d642b40ff708bbf2460991e86ddf289137ba9f11d6ef01a23175bff3cac11b96c2bb5ec0ce84b4ddee98ee850d

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks