General

  • Target

    062e8a0c621c19e8e28e4f592eb7a9cfecd05153305ccff07f15be2391a73813

  • Size

    100KB

  • Sample

    220212-mt26mabdb2

  • MD5

    124b335bcfb01a48c67aabd79f668323

  • SHA1

    25f7e0784bbe45c7f3aa50d4516be67a10868306

  • SHA256

    062e8a0c621c19e8e28e4f592eb7a9cfecd05153305ccff07f15be2391a73813

  • SHA512

    b8ef5ab245b1d82126d5caaa25d9449cd69e997cf4ef5eb678223e2b1945b12c2e45defd92a76f05538f81396548007eb26deb7e5fac8382127d70cbfdf62458

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks