General

  • Target

    090393d6a8fbc2bcf45ba3383d5f12f9c62363afd00335b5099200af70087e20

  • Size

    192KB

  • Sample

    220212-ls36vsagf2

  • MD5

    8724fb781e2098113b23b613d8a8401b

  • SHA1

    f03d71a6ff75f6a5c91fdfe3dd69ff92ed95b68b

  • SHA256

    090393d6a8fbc2bcf45ba3383d5f12f9c62363afd00335b5099200af70087e20

  • SHA512

    2435cba75d24d738d399d74e1503fa09b458d0af0eeb163dafe8318529e547703d6ea56f3460b9dcfb2c531402511670c653e2e5ec16b88cdc176c9b953e48cc
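Before reading the behaviours reported below into a file on your own disk, confirm it is the same sample. The following Python is an added example, not part of the original report or of any Sakula tooling: it recomputes the four digests listed above, compares them to the report's values, and treats the reported "192KB" as a kilobyte-rounded length (an assumption about how the report rounds; the exact byte count is not on the page).

```python
import hashlib
import sys
from typing import Dict, Optional

# Digests exactly as published in the "General" section of the report.
REPORT_HASHES = {
    "md5": "8724fb781e2098113b23b613d8a8401b",
    "sha1": "f03d71a6ff75f6a5c91fdfe3dd69ff92ed95b68b",
    "sha256": "090393d6a8fbc2bcf45ba3383d5f12f9c62363afd00335b5099200af70087e20",
    "sha512": (
        "2435cba75d24d738d399d74e1503fa09b458d0af0eeb163dafe8318529e54770"
        "3d6ea56f3460b9dcfb2c531402511670c653e2e5ec16b88cdc176c9b953e48cc"
    ),
}
# The report gives the size as "192KB"; assumed to be rounded to whole KiB.
REPORT_SIZE_KB = 192


def digests(data: bytes) -> Dict[str, str]:
    """Lowercase hex digests for the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def verify_sample(data: bytes, expected: Dict[str, str],
                  size_kb: Optional[int] = None) -> Dict[str, bool]:
    """Compare a candidate sample against published hashes (and rounded size).

    Returns one boolean per check plus 'all', which is True only when every
    supplied hash matches and, if size_kb is given, the length rounds to it.
    A single mismatching digest is enough to reject the file: the weak MD5
    alone is never sufficient evidence that two files are identical.
    """
    actual = digests(data)
    result = {name: actual[name] == expected[name].lower() for name in expected}
    if size_kb is not None:
        result["size"] = round(len(data) / 1024) == size_kb
    result["all"] = all(result.values())
    return result


def verify_file(path: str) -> Dict[str, bool]:
    """Read a file from disk and check it against this report's values."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read(), REPORT_HASHES, REPORT_SIZE_KB)


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-candidate-file>
    outcome = verify_file(sys.argv[1])
    for check, ok in outcome.items():
        print(f"{check:7s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if outcome["all"] else 1)
```

The script exits non-zero on any mismatch so it can gate an analysis pipeline; a file that matches only MD5 and SHA1 but not SHA256 should be treated as a different sample, not a near miss.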

Malware Config

Targets

    • Target

      090393d6a8fbc2bcf45ba3383d5f12f9c62363afd00335b5099200af70087e20

    • Size

      192KB

    • MD5

      8724fb781e2098113b23b613d8a8401b

    • SHA1

      f03d71a6ff75f6a5c91fdfe3dd69ff92ed95b68b

    • SHA256

      090393d6a8fbc2bcf45ba3383d5f12f9c62363afd00335b5099200af70087e20

    • SHA512

      2435cba75d24d738d399d74e1503fa09b458d0af0eeb163dafe8318529e547703d6ea56f3460b9dcfb2c531402511670c653e2e5ec16b88cdc176c9b953e48cc

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
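Of the behaviours listed above, "Adds Run key to start application" is the one that survives a reboot and is easiest to audit on a host. The following Python is an added example, not code from the report or from the sandbox: it parses a `reg export` text dump, lists the entries under the standard Run/RunOnce autostart keys, and flags commands that launch from user-writable directories. The sample dump is constructed for the demonstration and its file names and paths are invented, not indicators from this report; the report does not name the key or value the sample wrote, so none is assumed, and the user-writable-path rule is a general heuristic rather than a Sakula-specific one.

```python
import re
from typing import Dict, List, Tuple

# Standard Windows autostart keys (well-known locations, not taken from the report).
RUN_KEYS = (
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce",
)

# Directories an unprivileged process can write to; an autostart entry
# pointing here is worth a look. Heuristic, matched case-insensitively.
USER_WRITABLE = ("\\temp\\", "\\downloads\\", "\\public\\",
                 "\\programdata\\", "\\appdata\\roaming\\")

# Constructed `reg export` output for the demonstration. "mm.exe" and the
# "MicroMedia" value name are invented, NOT indicators from this report.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\analyst\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"MicroMedia"="C:\\Users\\analyst\\AppData\\Local\\Temp\\mm.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=hex:24,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="%windir%\\system32\\SecurityHealthSystray.exe"
'''

_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def _unescape(s: str) -> str:
    """Undo .reg string escaping: \\ -> \ and \" -> " ."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Parse a .reg export into {key_path: {value_name: string_value}}.

    Only REG_SZ (quoted string) values are kept; hex:/dword: values cannot
    hold an autostart command and are skipped.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None:
            m = _VALUE_RE.match(line)
            if m:
                keys[current][_unescape(m.group(1))] = _unescape(m.group(2))
    return keys


def run_entries(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """(key, value_name, command) for every entry under an autostart key."""
    return [(key, name, cmd)
            for key in RUN_KEYS
            for name, cmd in keys.get(key, {}).items()]


def executable_path(command: str) -> str:
    """Program path from a Run command: the quoted path, else the first token."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def flag_suspicious(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Autostart entries whose executable lives in a user-writable directory."""
    flagged = []
    for key, name, cmd in run_entries(keys):
        path = executable_path(cmd).lower()
        if any(marker in path for marker in USER_WRITABLE):
            flagged.append((key, name, path))
    return flagged


if __name__ == "__main__":
    # On a live host: reg export HKCU\...\Run run.reg, then feed its text here.
    for key, name, path in flag_suspicious(parse_reg(SAMPLE_REG)):
        print(f"{key}\\{name} -> {path}")
```

Run on the constructed dump, only the entry launching from `...\AppData\Local\Temp\` is flagged; the OneDrive entry under `AppData\Local\Microsoft` and the `%windir%` entry are not. On a live host you would diff the output against a known-good baseline rather than rely on the path heuristic alone.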

MITRE ATT&CK Enterprise v6

Tasks