General

  • Target

    05a32d54f3941c2ae46d010e424640bc277c049731c95fa4eea4942853dce02d

  • Size

    60KB

  • Sample

    220212-m2xk4sbeb3

  • MD5

    83961c4eb6aa2302be47d90cf1801e5f

  • SHA1

    91568cf6723a454d5895484a28d77457cd115da2

  • SHA256

    05a32d54f3941c2ae46d010e424640bc277c049731c95fa4eea4942853dce02d

  • SHA512

    76600de65b60d30106341cac4fbeac4bce527ff9dd0d8c062ec13d6a92d1d0a071e85da3dfb7c93a0116249995e3bf5fe4065b074c87fde4cfb7225ee9b7a2f1

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
