General

  • Target

    06558491f7fc15b9c33d957023c6d9f484a0840a7f8d8f59e55ddd22b161adfc

  • Size

    192KB

  • Sample

    220212-mr1j1sbcg9

  • MD5

    7ae2ec6401abf2b6daf721c8d9fbc4a9

  • SHA1

    cf32414f736b4812551e4cf05a6fe601d1f45cd0

  • SHA256

    06558491f7fc15b9c33d957023c6d9f484a0840a7f8d8f59e55ddd22b161adfc

  • SHA512

    5a01f148590c8eb7dc11299c41d9fd5f4fbefa384312559d844b1504b90ddf7ad9432e64bf6245f67538de7817c42e99d0d3190097e9fabdebab6a5030b1ba1c

Malware Config

Targets

    • Target

      06558491f7fc15b9c33d957023c6d9f484a0840a7f8d8f59e55ddd22b161adfc

    • Size

      192KB

    • MD5

      7ae2ec6401abf2b6daf721c8d9fbc4a9

    • SHA1

      cf32414f736b4812551e4cf05a6fe601d1f45cd0

    • SHA256

      06558491f7fc15b9c33d957023c6d9f484a0840a7f8d8f59e55ddd22b161adfc

    • SHA512

      5a01f148590c8eb7dc11299c41d9fd5f4fbefa384312559d844b1504b90ddf7ad9432e64bf6245f67538de7817c42e99d0d3190097e9fabdebab6a5030b1ba1c

    • Sakula

      Sakula is a remote access trojan (RAT); the behaviours the sandbox matched for this sample are listed below.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check (run only in, or avoid, particular countries).

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
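
The signature list above is what a sandbox reports; on a host you usually have to recover the same picture from telemetry. The script below is an added example, not the sandbox's own signature logic and not code from the sample or the report: it walks a constructed, Sysmon-style event stream (the paths, file names and PIDs are made up), taints the process tree rooted at the image whose SHA256 matches the report, and maps the tree's activity onto the same six signature names. The two registry locations it keys on are standard Windows ones (the per-user `...\CurrentVersion\Run` autostart key and `Control Panel\International\Geo\Nation`, where the configured GeoID lives); that the sample reads exactly that key is an assumption, since the report only says "country code configured in the registry". Activity from processes outside the tainted tree is ignored, so a legitimate installer writing its own Run key does not trigger anything.

```python
"""Triage helper: map a Sysmon-style event stream onto the report's behaviour signatures.

Added example; the events below are constructed, not taken from the sandbox run.
"""
import re

# SHA256 of the analysed sample, copied from the report above.
REPORT_SHA256 = "06558491f7fc15b9c33d957023c6d9f484a0840a7f8d8f59e55ddd22b161adfc"

# Standard Windows locations behind two of the report's signatures: per-user autostart
# entries, and the GeoID that "computer location settings" resolve to. That the sample
# touches exactly these keys is an assumption for the example.
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)
GEO_KEY_RE = re.compile(r"\\control panel\\international\\geo\\nation$", re.I)
DEL_RE = re.compile(r"\bdel\b", re.I)


def triage(events, sample_sha256=REPORT_SHA256):
    """Return {signature name: [details]} for behaviour attributable to the sample's process tree."""
    findings = {}

    def hit(signature, detail):
        findings.setdefault(signature, []).append(detail)

    tainted = set()   # pids in the sample's process tree
    images = {}       # tainted pid -> lower-cased image path
    dropped = set()   # lower-cased paths written by the tree

    for ev in events:
        kind, pid = ev["type"], ev["pid"]
        if kind == "process_create":
            image = ev["image"].lower()
            if ev.get("sha256", "").lower() == sample_sha256:
                tainted.add(pid)
                hit("Sakula Payload", f"pid {pid}: {ev['image']} matches the report SHA256")
            elif ev.get("ppid") in tainted:
                tainted.add(pid)        # a child of the sample inherits the taint
            if pid not in tainted:
                continue
            images[pid] = image
            if image in dropped:
                hit("Executes dropped EXE", f"pid {pid}: {ev['image']}")
            cmdline = ev.get("cmdline", "")
            if DEL_RE.search(cmdline):
                low = cmdline.lower()
                # self-deletion: a tainted process deletes the image of another tainted process
                for victim_pid, victim in images.items():
                    if victim_pid != pid and victim in low:
                        hit("Deletes itself", f"pid {pid} deletes {victim} (pid {victim_pid})")
            continue
        if pid not in tainted:
            continue            # ignore activity from unrelated processes
        if kind == "file_create":
            dropped.add(ev["path"].lower())
        elif kind == "image_load" and ev["path"].lower() in dropped:
            hit("Loads dropped DLL", f"pid {pid}: {ev['path']}")
        elif kind == "registry_query" and GEO_KEY_RE.search(ev["key"]):
            hit("Checks computer location settings", f"pid {pid}: {ev['key']}")
        elif kind == "registry_set" and RUN_KEY_RE.search(ev["key"]):
            hit("Adds Run key to start application", f"pid {pid}: {ev['key']} = {ev.get('value', '')}")
    return findings


# Constructed events in the order a sandbox would record them (paths and names are made up).
EVENTS = [
    {"type": "process_create", "pid": 1000, "ppid": 500,
     "image": r"C:\Users\victim\Downloads\sample.exe", "cmdline": "sample.exe",
     "sha256": REPORT_SHA256},
    {"type": "registry_query", "pid": 1000, "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_create", "pid": 1000, "path": r"C:\Users\victim\AppData\Local\Temp\updater.exe"},
    {"type": "file_create", "pid": 1000, "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"type": "process_create", "pid": 1001, "ppid": 1000,
     "image": r"C:\Users\victim\AppData\Local\Temp\updater.exe", "cmdline": "updater.exe"},
    {"type": "image_load", "pid": 1001, "path": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"type": "registry_set", "pid": 1001,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "value": r"C:\Users\victim\AppData\Local\Temp\updater.exe"},
    {"type": "process_create", "pid": 1002, "ppid": 1000,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c del "C:\Users\victim\Downloads\sample.exe"'},
]

if __name__ == "__main__":
    for signature, details in triage(EVENTS).items():
        print(signature)
        for detail in details:
            print("   ", detail)
```

Feeding real Sysmon data means translating event IDs 1 (process create), 7 (image load), 11 (file create), 12/13 (registry) into the dict shape used here; the tainting by parent PID is what keeps the Run-key and `del` rules from firing on unrelated software.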

MITRE ATT&CK Enterprise v6

Tasks