General

  • Target

    064ef8d8d5cca668a387d9aa94105b94253ef2ce42165d7feff590b25d305119

  • Size

    58KB

  • Sample

    220212-mr3pdadabn

  • MD5

    653e40482797486573f875008f1bf11e

  • SHA1

    83c47e4499034d4502b14b188924dacc8ec6e820

  • SHA256

    064ef8d8d5cca668a387d9aa94105b94253ef2ce42165d7feff590b25d305119

  • SHA512

    f5c7c496537c8f8ed8368c8a29e18ec5319693580305b90100aed903b0d1d37b462ec3668c5a69205e2fe9b44ec6b1cb94fd490027ea08cd6c490c06f09406c0

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
