General

  • Target

    1123410a7eb2d5d1c4ca4ea4ffae6a6818140eaec06ac967a6b4fd5884643310

  • Size

    35KB

  • Sample

    220212-gqfkkaadbq

  • MD5

    ca983119cb826df2cc7de0d97d43e091

  • SHA1

    e3043cd4ff0b62af52e52321892a036778f7d9fa

  • SHA256

    1123410a7eb2d5d1c4ca4ea4ffae6a6818140eaec06ac967a6b4fd5884643310

  • SHA512

    27219ba6fa65cc1ee65da7a23a28214ebeba2f27507488543101c7773e6e7f87dcaf01819eb1046ea6244d107b4bf81c2437d5ae615ccdc3c58663e0a32177a1

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks