General

  • Target

    052cb0f343d68ffe56c63604b81d9bc2f7099c985a0edb014999beef9b1dc4fc

  • Size

    92KB

  • Sample

    220212-m9jzzsbeh9

  • MD5

    8bb43d100d9d5f6333959e111fb0b8bf

  • SHA1

    d825974ff8ee95cc6fb778beb63c86a6b1f7d9fb

  • SHA256

    052cb0f343d68ffe56c63604b81d9bc2f7099c985a0edb014999beef9b1dc4fc

  • SHA512

    a8f5f61eda8a5fe6f55105ff5489881b1deda004a726cfdbe3438549d3a803656307d124a36d69dadaa6a90e5f6f92a2cd954504d7f2e4448953d37e8939ea45
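The digests above are the practical take-away of this report: they let a responder check a suspicious file, or a file share, against the sample. The following is an added example (not part of the sandbox report or of any tooling it references) that computes all four digests in one pass over each file under a directory and reports any file matching an indicator. The directory names and the files written by `demo()` are constructed for illustration; only the indicator values are taken from the report.

```python
"""Hash-based IOC check for the Sakula sample described on this page.

Added example, not part of the sandbox report. Computes MD5, SHA1, SHA256 and
SHA512 for every file under a directory and reports files whose digest matches
an indicator. Indicator values are copied from the report; everything else
(paths, the files written by demo()) is constructed for illustration.
"""
import hashlib
import os
import tempfile
from typing import Dict, Iterator, List, Tuple

# Indicators copied from the General section above.
SAKULA_IOCS: Dict[str, str] = {
    "md5": "8bb43d100d9d5f6333959e111fb0b8bf",
    "sha1": "d825974ff8ee95cc6fb778beb63c86a6b1f7d9fb",
    "sha256": "052cb0f343d68ffe56c63604b81d9bc2f7099c985a0edb014999beef9b1dc4fc",
    "sha512": "a8f5f61eda8a5fe6f55105ff5489881b1deda004a726cfdbe3438549d3a803656307d124a36d69dadaa6a90e5f6f92a2cd954504d7f2e4448953d37e8939ea45",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute all four digests in a single pass so large files are read once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str]) -> List[str]:
    """Return the algorithm names whose digest equals the indicator.

    Comparison is case-insensitive because reports and feeds mix hex casing.
    """
    return [
        name for name in ALGORITHMS
        if name in iocs and digests.get(name, "").lower() == iocs[name].lower()
    ]


def scan_tree(root: str, iocs: Dict[str, str]) -> Iterator[Tuple[str, List[str]]]:
    """Walk a directory and yield (path, matched_algorithms) for every hit."""
    for dirpath, _, filenames in os.walk(root):
        for filename in filenames:
            path = os.path.join(dirpath, filename)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable (permissions, or deleted mid-scan)
            hits = match_iocs(digests, iocs)
            if hits:
                yield path, hits


def demo() -> List[Tuple[str, List[str]]]:
    """Constructed demonstration: scan a temp directory holding an empty file and
    a benign file, using an indicator set that contains the empty file's SHA256
    so a hit is visible offline (the real sample is of course not present)."""
    with tempfile.TemporaryDirectory() as tmp:
        open(os.path.join(tmp, "empty.bin"), "wb").close()
        with open(os.path.join(tmp, "other.bin"), "wb") as fh:
            fh.write(b"constructed benign content")
        iocs = {"sha256": hashlib.sha256(b"").hexdigest()}
        return [(os.path.basename(path), hits) for path, hits in scan_tree(tmp, iocs)]


if __name__ == "__main__":
    print(demo())
```

For a real sweep, call `scan_tree("/path/to/share", SAKULA_IOCS)`. Hash matching only catches this exact file; a recompiled or repacked build of the same family will not match, which is why the behavioural signatures further down matter more than the hashes.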

Targets

    • Target

      052cb0f343d68ffe56c63604b81d9bc2f7099c985a0edb014999beef9b1dc4fc

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan; the behaviours listed below are those the sandbox observed for this sample.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry (the system locale settings), most likely as a geofence that decides whether the payload runs.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
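The signature list above describes a dropper pattern: an executable is written to disk and executed, a Run key is set for persistence, and the original image is deleted. The following is an added example (not part of the sandbox report) that correlates Sysmon-style events by process and flags that combination. The event records, process IDs, paths and the SID are constructed for illustration and are not real logs; the field names follow Sysmon's ProcessCreate (1), FileCreate (11), RegistryEvent value set (13) and FileDelete (23) schema.

```python
"""Behavioural detection for the signatures listed above.

Added example, not part of the sandbox report. Correlates constructed
Sysmon-style events by process and flags the dropper pattern the report
describes: an executable dropped in a user-writable location and executed,
a Run key pointing at it, and the original image deleting itself.
All records below are constructed; the paths and SID are placeholders.
"""
import re
from collections import defaultdict
from typing import Dict, List, Tuple

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(Temp|AppData|ProgramData|Downloads)\\", re.IGNORECASE)

# Constructed Sysmon-style records (not real logs).
SAMPLE_EVENTS: List[Dict] = [
    {"id": 1, "pid": 1001, "ppid": 500, "image": r"C:\Users\bob\Downloads\invoice.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"id": 11, "pid": 1001, "target": r"C:\Users\bob\AppData\Local\Temp\svc\update.exe"},
    {"id": 1, "pid": 1002, "ppid": 1001, "image": r"C:\Users\bob\AppData\Local\Temp\svc\update.exe",
     "parent_image": r"C:\Users\bob\Downloads\invoice.exe"},
    {"id": 13, "pid": 1002,
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "details": r"C:\Users\bob\AppData\Local\Temp\svc\update.exe"},
    {"id": 23, "pid": 1002, "target": r"C:\Users\bob\Downloads\invoice.exe"},
    # Benign noise: an application writing its own settings key, not a Run key.
    {"id": 1, "pid": 2001, "ppid": 500, "image": r"C:\Program Files\Editor\editor.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"id": 13, "pid": 2001, "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Editor\Settings",
     "details": "1"},
]


def detect(events: List[Dict]) -> List[Tuple[int, str, List[str]]]:
    """Return (pid, image, sorted flags) for every process with two or more flags."""
    procs = defaultdict(lambda: {"image": None, "parent": None, "flags": set()})
    created = set()  # lower-cased paths of files written during the trace
    for ev in events:
        p = procs[ev["pid"]]
        if ev["id"] == 1:
            p["image"], p["parent"] = ev["image"], ev["parent_image"]
            # A process whose image was written earlier in the trace is a dropped
            # executable; credit the launcher (the parent) with executing it.
            if ev["image"].lower() in created:
                procs[ev["ppid"]]["flags"].add("executes_dropped_exe")
        elif ev["id"] == 11:
            path = ev["target"].lower()
            created.add(path)
            if path.endswith((".exe", ".dll")) and USER_WRITABLE.search(path):
                p["flags"].add("drops_executable")
        elif ev["id"] == 13 and RUN_KEY.search(ev["target"]):
            p["flags"].add("adds_run_key")
            if USER_WRITABLE.search(ev.get("details", "")):
                p["flags"].add("run_key_points_to_user_writable_path")
        elif ev["id"] == 23:
            # Self-deletion shows up as a process removing its own image, or the
            # dropped child removing the dropper that launched it.
            target = ev["target"].lower()
            if p["image"] and target == p["image"].lower():
                p["flags"].add("deletes_own_image")
            elif p["parent"] and target == p["parent"].lower():
                p["flags"].add("deletes_parent_image")
    return [
        (pid, info["image"], sorted(info["flags"]))
        for pid, info in sorted(procs.items())
        if len(info["flags"]) >= 2
    ]


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Two caveats for anyone turning this into a production rule. Requiring two flags per process keeps installers that legitimately write Run keys out of the alert stream, but a dropper that splits each step across a different child process will score one flag per process; widen the correlation to the process tree if that matters in your environment. Second, the "Checks computer location settings" signature is a registry read, which Sysmon does not log (it records value set, create and delete only), so that behaviour is visible to the sandbox's API hooks and to EDR telemetry but not to this event set.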

MITRE ATT&CK Enterprise v6