General

  • Target

    0985df5e29fe59f922d77b606089810020f48725ec7fc4cb84b815ed6b876328

  • Size

    80KB

  • Sample

    220212-lktx8aafg3

  • MD5

    0771a14c1e29190001baaa5cc4ab50ca

  • SHA1

    3fd5214e57390911d3eb2a84bfc3ee6215c2a8a6

  • SHA256

    0985df5e29fe59f922d77b606089810020f48725ec7fc4cb84b815ed6b876328

  • SHA512

    1839870c0d08619076443d6705d4b3c0d64bd2328c6d10e0d70180523e35dc71e792310d2afe3792b979d0f38ca1fec5d0cc3d8b942cc52ba8a11904bd866667

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks