General

  • Target

    10a0d59b4fc6480c834cb39c8648ab8c59709893cd6c0af9497551e880412de3

  • Size

    80KB

  • Sample

    220212-gxypqaaean

  • MD5

    aa43abf989806ae27d47705849dea25c

  • SHA1

    e0877d72feecc9ce729f7a9510d3ff683c2a4fa4

  • SHA256

    10a0d59b4fc6480c834cb39c8648ab8c59709893cd6c0af9497551e880412de3

  • SHA512

    4f7c11f37134086d3eecc022f72669e7239c540c9d807fbd86ca9a256e60b5527e3fb137f472e8833711631429159a01a2d4ab8e996c65915dad554a1875e6d5

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks