General

  • Target

    06bdb8d0027d7ca6ed907ae1fb276255afed5991b5c427181cd24075eca32396

  • Size

    89KB

  • Sample

    220212-mnb29abcd8

  • MD5

    2a1588ddc7fc49512810c778c354316a

  • SHA1

    dbf2d1e3a4f84b04b06afba4a1e610a746fd3be8

  • SHA256

    06bdb8d0027d7ca6ed907ae1fb276255afed5991b5c427181cd24075eca32396

  • SHA512

    5b940dd16f9889ec32bcde0e550e64c43af148f2e932447394009cf0435e9193f62dc69514b770ac249425fa9350880d1f4978978866d2b1beee49901abba50d

Malware Config

Targets

    • Target

      06bdb8d0027d7ca6ed907ae1fb276255afed5991b5c427181cd24075eca32396

    • Size

      89KB

    • MD5

      2a1588ddc7fc49512810c778c354316a

    • SHA1

      dbf2d1e3a4f84b04b06afba4a1e610a746fd3be8

    • SHA256

      06bdb8d0027d7ca6ed907ae1fb276255afed5991b5c427181cd24075eca32396

    • SHA512

      5b940dd16f9889ec32bcde0e550e64c43af148f2e932447394009cf0435e9193f62dc69514b770ac249425fa9350880d1f4978978866d2b1beee49901abba50d

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks