General

  • Target

    1111499cba591111ee7f0bb6c80a64476cd61cb3599cb90c4bde7bba9e6eb94b

  • Size

    192KB

  • Sample

    220212-grmp9sggf4

  • MD5

    1c53f20c92cae03a4d51b006a7403fa2

  • SHA1

    c045e4922e00001b6852c501d3f3b630cb93406a

  • SHA256

    1111499cba591111ee7f0bb6c80a64476cd61cb3599cb90c4bde7bba9e6eb94b

  • SHA512

    ed69e74b82c411cb3bdb16abf74120f9a1612c798a7b1c98a0dc6b8019c8ea024ad29b14fcfade3b3ae58c99218ad6c22b355d46c1f8a3aa9ba7e315201ca46b

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan (RAT) that gives an operator remote control of the infected host. The signatures below are the behaviours this sample exhibited during the sandbox run.

    • Sakula Payload

      The sample matched the Sakula payload signature.

    • Executes dropped EXE

      A file the sample wrote to disk was subsequently run as a new process.

    • Checks computer location settings

      Reads the country code configured in the registry (for example HKCU\Control Panel\International\Geo\Nation). Malware commonly does this to geofence, i.e. to abort or change behaviour in regions the operator wants to avoid.

    • Deletes itself

      The original executable is removed after it has run, commonly via a delayed del in a child cmd.exe, which hinders later collection of the sample from the host.

    • Loads dropped DLL

      A DLL the sample wrote to disk was loaded into a process.

    • Adds Run key to start application

      Creates a value under Software\Microsoft\Windows\CurrentVersion\Run (per-user or machine-wide), so the payload is launched again at logon. Check these keys when scoping an infection.
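The behaviours listed above are the kind of thing a triage script can recover from endpoint telemetry. The following is an added example, not code from the sandbox or the report: it replays a constructed, Sysmon-like event stream (file writes, process creation, image loads, registry reads and sets; the file paths and the Run value name "Updater" are invented for illustration) and maps the events onto the same signature names the report uses. It also shows the self-deletion heuristic: a child shell whose command line deletes its parent's own image.

```python
import re
from collections import defaultdict

# Constructed event stream in a Sysmon-like shape. These records were written
# for this example and are NOT output captured from the sample in the report.
SAMPLE_PATH = r"C:\Users\user\Desktop\sample.exe"
DROPPED_EXE = r"C:\Users\user\AppData\Local\Temp\svchost_update.exe"
DROPPED_DLL = r"C:\Users\user\AppData\Local\Temp\helper.dll"

SAMPLE_EVENTS = [
    {"type": "file_write", "process": SAMPLE_PATH, "target": DROPPED_EXE},
    {"type": "file_write", "process": SAMPLE_PATH, "target": DROPPED_DLL},
    {"type": "process_create", "parent": SAMPLE_PATH, "image": DROPPED_EXE,
     "cmdline": f'"{DROPPED_EXE}"'},
    {"type": "image_load", "process": DROPPED_EXE, "image": DROPPED_DLL},
    {"type": "registry_read", "process": DROPPED_EXE,
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry_set", "process": DROPPED_EXE,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": DROPPED_EXE},
    {"type": "process_create", "parent": SAMPLE_PATH,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": f'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "{SAMPLE_PATH}"'},
]

# Per-user or machine-wide autostart values (HKCU/HKLM prefix is irrelevant).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Country / locale values a geofence check reads.
GEO_KEY = re.compile(r"\\Control Panel\\International\\(Geo\\Nation|Geo\\Name|Locale(Name)?)$", re.I)
DEL_CMD = re.compile(r"\b(del|erase)\b", re.I)


def is_self_delete(cmdline: str, parent: str) -> bool:
    """True when a child command deletes the image of the process that spawned it."""
    return bool(DEL_CMD.search(cmdline)) and parent.lower() in cmdline.lower()


def classify(events):
    """Map an event stream onto the report's signature names.

    Returns {signature_name: [evidence, ...]} for every signature that fired.
    'Dropped' means a path seen in an earlier file_write by any process.
    """
    hits = defaultdict(list)
    dropped = set()
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["target"].lower())
        elif kind == "process_create":
            image = ev["image"].lower()
            if image in dropped and image.endswith(".exe"):
                hits["Executes dropped EXE"].append(ev["image"])
            if is_self_delete(ev["cmdline"], ev["parent"]):
                hits["Deletes itself"].append(ev["cmdline"])
        elif kind == "image_load":
            image = ev["image"].lower()
            if image in dropped and image.endswith(".dll"):
                hits["Loads dropped DLL"].append(ev["image"])
        elif kind == "registry_read":
            if GEO_KEY.search(ev["key"]):
                hits["Checks computer location settings"].append(ev["key"])
        elif kind == "registry_set":
            if RUN_KEY.search(ev["key"]):
                hits["Adds Run key to start application"].append(
                    f'{ev["key"]} = {ev["value"]}')
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in classify(SAMPLE_EVENTS).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The dropped-file tracking is what separates "executes dropped EXE" from any ordinary process start: only images that an earlier file_write produced count, so a legitimate installer launching a pre-existing binary does not fire. The self-deletion check matches the parent's full path inside the child's command line rather than any del, which keeps ordinary cleanup scripts from triggering it.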

MITRE ATT&CK Enterprise v6

Tasks