General

  • Target

    060eba8fde03ac98349712ce45f295b880d69a9a66db21bd238f541ccaa46711

  • Size

    36KB

  • Sample

    220212-mwkz5adafj

  • MD5

    1350d3814b46915b507cd083271a82cb

  • SHA1

    09e0bb67975f1a066dbd9c90c4c2b1b30c7e350b

  • SHA256

    060eba8fde03ac98349712ce45f295b880d69a9a66db21bd238f541ccaa46711

  • SHA512

    f10c37c55b833ededf63e5b6d23ad6c9e68f4a3fac76b48b93cd5779c3575c5af886c6f8299ba8563a985d6c33c2a7a9cfcbf12d2a772c38a5aa2ba73daae6b6

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
