General

  • Target

    055c9a87250af9ebaa63c65fd03300d1a6ae2fc5637767ef7cbeb9391ee2d3cf

  • Size

    192KB

  • Sample

    220212-m661cadbgq

  • MD5

    b679a58f7b1d8ff8a33314fcf226b4eb

  • SHA1

    23604499cc666d3279b7a26c39ece82304158fef

  • SHA256

    055c9a87250af9ebaa63c65fd03300d1a6ae2fc5637767ef7cbeb9391ee2d3cf

  • SHA512

    9233ffa72f1917703fd6662ed94c659e296f132631442f8578afae30d0f3fa83c3c9b38d3d81700b1a9a6996abc8e9312ce432c5d990505a9892cd7843712ceb

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks