General

  • Target

    06c49997e792ac861075c01f9995435f4f2216b4cec2fc6a6b152e07314d6b39

  • Size

    150KB

  • Sample

    220212-mmtwnsbcd2

  • MD5

    ba3eab6ad41d3ae47f122e35aca4600a

  • SHA1

    8fcdbf129e8779931dbae8f381b77978d4018b5b

  • SHA256

    06c49997e792ac861075c01f9995435f4f2216b4cec2fc6a6b152e07314d6b39

  • SHA512

    3b7d6463f7d35333c85aad44c099970e557ad6ce715965638395ce7aca2df275ef3e02f299ef4249879dbcfdd053aeb102c84c0ee41650dc23fa420cce2e4ae3

Malware Config

Targets

    • Target

      06c49997e792ac861075c01f9995435f4f2216b4cec2fc6a6b152e07314d6b39

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks