General

  • Target

    075a5c448648f728cb240f337e412ffff4edd369889c37829da08fe42b55d139

  • Size

    58KB

  • Sample

    220212-mfbrhscgel

  • MD5

    f3c859f944657978b196d73f3bf56483

  • SHA1

    23e4ae27a3f1b81600e226ccad7333c28cedcf92

  • SHA256

    075a5c448648f728cb240f337e412ffff4edd369889c37829da08fe42b55d139

  • SHA512

    87405d4f2ae9693052ff2a914bbc3e79f1ee9c2cf92e92d8677b916b396ea77a89a789f36fa00d54bcbc60fd902347a35b041d67dce09808bfaf580b3387c0b8

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
