General

  • Target

    07410a339de15e2fc03a88605eb86eb11082da17882ba34e3886106fe8589208

  • Size

    60KB

  • Sample

    220212-mf9zbabbd7

  • MD5

    97835e25ffc45805137c32276742aeba

  • SHA1

    556f2595df84b250076bf7dcad7c77fc8e262e31

  • SHA256

    07410a339de15e2fc03a88605eb86eb11082da17882ba34e3886106fe8589208

  • SHA512

    481b70e995da63913ad2089682d71461e86c55d82937100db8b7a61be8e1da3fd2c4aeaec2efafe13e93957bd2c89db2aa7b62c1c0855d157065b6d61bfe0137

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
