General

  • Target

    06e0f084f57cdf51fd050acd1b204c5077dc11e858d07e1521e9a6ff18727027

  • Size

    92KB

  • Sample

    220212-mk2hqsbcb4

  • MD5

    5aaecc6db7d45f4d736c53f01b520806

  • SHA1

    60ca2b9bd6a2412045ac7e3455e3e4d17abb1aac

  • SHA256

    06e0f084f57cdf51fd050acd1b204c5077dc11e858d07e1521e9a6ff18727027

  • SHA512

    f233356be210cdffcc8a63e98b5ac2afca320a88615b4195b169a59e076c23037fcc675002d35b09db2193e1d03c99d9452d5ceadf7a93de32acafe74ae9c4b0

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks