General

  • Target

    11a702e74917bf63670232f8405e3dd99cf649c5e3a51f987ae1dec6186ddfe3

  • Size

    35KB

  • Sample

    220212-ghq2bsgfe6

  • MD5

    f60b26edbd92a2fc93ef380661162779

  • SHA1

    63baf874b5eb0ed5433559ebed3d7d90915b31d9

  • SHA256

    11a702e74917bf63670232f8405e3dd99cf649c5e3a51f987ae1dec6186ddfe3

  • SHA512

    e934d203950736714a90b578af604507bab3f9c744ed9d11a5bb0b42db071343cdc1e0920428f4e017e65c9ac53003e8107db2da0dd01fa3ccee7b65d3000ba7

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks