General

  • Target

    10a5481ac47af2d10bf339312938392ba9c59dd8dde56c72e4908c7b4d44aa75

  • Size

    168KB

  • Sample

    220212-gxqzwaghc7

  • MD5

    f6315d56c3cd55feabf1adaf02604e74

  • SHA1

    7d2d6659cca0ff4b848376c6f8c8f27e6f08e657

  • SHA256

    10a5481ac47af2d10bf339312938392ba9c59dd8dde56c72e4908c7b4d44aa75

  • SHA512

    fcc7b1814245e9494c1231ec47f627f342315776108c723fce9df149efe39f5092564ff01d57defcb0f91a34d3f7584d49e6d6c2a5762c6fd23096abf49c67c2

Malware Config

Targets

    • Target

      10a5481ac47af2d10bf339312938392ba9c59dd8dde56c72e4908c7b4d44aa75

    • Size

      168KB

    • MD5

      f6315d56c3cd55feabf1adaf02604e74

    • SHA1

      7d2d6659cca0ff4b848376c6f8c8f27e6f08e657

    • SHA256

      10a5481ac47af2d10bf339312938392ba9c59dd8dde56c72e4908c7b4d44aa75

    • SHA512

      fcc7b1814245e9494c1231ec47f627f342315776108c723fce9df149efe39f5092564ff01d57defcb0f91a34d3f7584d49e6d6c2a5762c6fd23096abf49c67c2

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks