General

  • Target

    062114e6ac851f45b277f0f6b6981335b2e73490d48b3e4c1137dbbb9a2a2b93

  • Size

    192KB

  • Sample

    220212-mvl6ssbdb8

  • MD5

    88ffe508793e8d4fc06e5b44260b4089

  • SHA1

    5c51e3f0cbf684076b8a8b0f130c304f09db2bef

  • SHA256

    062114e6ac851f45b277f0f6b6981335b2e73490d48b3e4c1137dbbb9a2a2b93

  • SHA512

    8b108bee07828b344ce4d69c2d9c6dcf9c8fe21db8ce6f5cb7276b9efd0e64de8e75b07268f7bb18a749e3b5ef9395f8672ff3a8fd0b36c01cad7396da2a3dd0

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks