General

  • Target

    089acf4bb8efdc6b163776f58a4457e580c5074e61798087c44d627e58041124

  • Size

    92KB

  • Sample

    220212-lx49qaahb9

  • MD5

    57f355b14a2527388f82a7f585b42d47

  • SHA1

    e2175df462bbc23f731ec8e3be28e7c72c5a49fd

  • SHA256

    089acf4bb8efdc6b163776f58a4457e580c5074e61798087c44d627e58041124

  • SHA512

    75f048f60ec0e12cd883fa7eab074d9fd178ddb9c993257919de4d80907ca66006447c4308f69d3bfd027b5185f448f6d2bc83362e867c71c57712bf9889b826

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks