General

  • Target

    0615a003dde769f696308561026311a46ab43313ec12710397537fb301acf374

  • Size

    79KB

  • Sample

    220212-mwd7ksdaeq

  • MD5

    36f2ee7ffffdf2aaa3a3097454440918

  • SHA1

    59506547dea7f0ebdb169d754f8ce6fffe1d2112

  • SHA256

    0615a003dde769f696308561026311a46ab43313ec12710397537fb301acf374

  • SHA512

    5dd40f1722a0ebd641855f89595128a0bdb3547fc9a7ac4a23969af7c4881c098ca46e159d2242b43894e5343176635fd8ead18c0b28eb536f33a7bd123b9526

Malware Config

Targets

    • Target

      0615a003dde769f696308561026311a46ab43313ec12710397537fb301acf374

    • Size

      79KB

    • MD5

      36f2ee7ffffdf2aaa3a3097454440918

    • SHA1

      59506547dea7f0ebdb169d754f8ce6fffe1d2112

    • SHA256

      0615a003dde769f696308561026311a46ab43313ec12710397537fb301acf374

    • SHA512

      5dd40f1722a0ebd641855f89595128a0bdb3547fc9a7ac4a23969af7c4881c098ca46e159d2242b43894e5343176635fd8ead18c0b28eb536f33a7bd123b9526

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan used in targeted intrusions; it takes commands from its HTTP command-and-control server, including running shell commands and downloading and executing additional components.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check (the sample can bail out on locales it does not want to run in).

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
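The five behaviour signatures above are what the sandbox observed; the following is an added example (editor's code, not the sandbox's signature engine) that replays a constructed API trace against equivalent checks so the matching logic is visible. The event layout, the Win32 API names used as triggers, the registry path for the country lookup (`Control Panel\International\Geo`, the usual location of the configured nation) and every file path are assumptions, not data taken from this report.

```python
"""Replay a constructed sandbox API trace against the report's behaviour
signatures. Added example code; event format, API names and registry paths
are assumptions, not the sandbox's own rules."""
import re

# Assumed location of the configured country code (the report only says
# "looks up the country code configured in the registry").
GEO_KEY_RE = re.compile(r"\\control panel\\international(\\geo)?", re.I)
# Assumed autostart locations covered by "Adds Run key".
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?(\\|$)", re.I)

# Signature names as they appear in the report, in report order.
SIGNATURES = [
    "Executes dropped EXE",
    "Checks computer location settings",
    "Deletes itself",
    "Loads dropped DLL",
    "Adds Run key to start application",
]


def match_signatures(trace, sample_image):
    """Return the subset of SIGNATURES the trace exhibits, in report order.

    trace: list of {"api": str, "args": {...}} events in execution order.
    sample_image: on-disk path of the analysed sample (for self-deletion)."""
    hits = set()
    dropped = set()              # files the sample wrote before using them
    me = sample_image.lower()
    for ev in trace:
        api, args = ev["api"], ev["args"]
        path = args.get("path", "").lower()
        if api == "WriteFile":
            dropped.add(path)
        elif api == "CreateProcessW":
            cmd = args.get("command_line", "").lower()
            if path in dropped and path.endswith(".exe"):
                hits.add("Executes dropped EXE")
            # "ping ... & del <self>" style cleanup through cmd.exe
            if "del " in cmd and me in cmd:
                hits.add("Deletes itself")
        elif api == "LoadLibraryW" and path in dropped and path.endswith(".dll"):
            hits.add("Loads dropped DLL")
        elif api == "DeleteFileW" and path == me:
            hits.add("Deletes itself")
        elif api in ("RegOpenKeyExW", "RegQueryValueExW") and \
                GEO_KEY_RE.search(args.get("key", "")):
            hits.add("Checks computer location settings")
        elif api == "RegSetValueExW" and RUN_KEY_RE.search(args.get("key", "")):
            hits.add("Adds Run key to start application")
    return [s for s in SIGNATURES if s in hits]


# Constructed trace for illustration; not the real output for this sample.
SAMPLE = r"C:\Users\analyst\Desktop\sample.exe"
DROP_DIR = r"C:\Users\analyst\AppData\Local\Temp\upd"
TRACE = [
    {"api": "RegQueryValueExW",
     "args": {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}},
    {"api": "WriteFile", "args": {"path": DROP_DIR + r"\svc.exe"}},
    {"api": "WriteFile", "args": {"path": DROP_DIR + r"\helper.dll"}},
    {"api": "CreateProcessW",
     "args": {"path": DROP_DIR + r"\svc.exe",
              "command_line": '"' + DROP_DIR + r'\svc.exe"'}},
    {"api": "LoadLibraryW", "args": {"path": DROP_DIR + r"\helper.dll"}},
    {"api": "RegSetValueExW",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
              "value": "svc", "data": DROP_DIR + r"\svc.exe"}},
    {"api": "CreateProcessW",
     "args": {"path": r"C:\Windows\System32\cmd.exe",
              "command_line": 'cmd.exe /c ping 127.0.0.1 -n 3 & del "' + SAMPLE + '"'}},
]

if __name__ == "__main__":
    for name in match_signatures(TRACE, SAMPLE):
        print(name)
```

Two points a practitioner should keep in mind when porting this: "Executes dropped EXE" and "Loads dropped DLL" are stateful (a file only counts as dropped if the sample wrote it earlier in the same trace), and self-deletion is matched both as a direct `DeleteFileW` on the sample's own path and as a `cmd.exe` child whose command line deletes that path, since the delayed `ping ... & del` form is the one an on-host EDR is more likely to catch.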

MITRE ATT&CK Enterprise v6

Tasks