General

  • Target: 09aab2e374d4d8c0df66bc72ad1d91b6c005be504a07d2f43de58ed8018807a4
  • Size: 99KB
  • Sample: 220212-ljtaasaff4
  • MD5: 85e6b105ed928568d652a411badd517a
  • SHA1: 73545d58753259aa6c273c0cb328bde386285f98
  • SHA256: 09aab2e374d4d8c0df66bc72ad1d91b6c005be504a07d2f43de58ed8018807a4
  • SHA512: 75e64be7a8d6f12b2063ecd1f39074cefe9931f421a542a6b77af9f16ee6399549b14ddf686d552ad9f43237aea17d6e0de50d457b966bd543b8acb871a0f34a

Targets

    • Target: 09aab2e374d4d8c0df66bc72ad1d91b6c005be504a07d2f43de58ed8018807a4

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Sakula Payload
    • Executes dropped EXE
    • Checks computer location settings: Looks up country code configured in the registry, likely geofence.
    • Deletes itself
    • Loads dropped DLL
    • Adds Run key to start application
