General

  • Target

    074752b1ab90d8ad66dfcd5c28e1cec5b62162fd29efb4734830383747abf337

  • Size

    35KB

  • Sample

    220212-mf3v1acgeq

  • MD5

    e1fb893a67aeca9ff01e08bc73c62227

  • SHA1

    7b3e4b0a7175a9740bbe4a0e67820fb75cbc5cd8

  • SHA256

    074752b1ab90d8ad66dfcd5c28e1cec5b62162fd29efb4734830383747abf337

  • SHA512

    be173c2bfa17c87f787e80d64b477cf88151570469d28893b72325cc1398e7bc48e17e6e50a95e64e211d301382c31a0d31be43fb52282fcfb583bda5f9c6cb1

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
