General

  • Target

    060ca3332c8f146c6a48691590f59be50fd4817f4dddc828fcb961f7c7740bc5

  • Size

    192KB

  • Sample

    220212-mwm5gsbdc8

  • MD5

    608dc3b2ac58f425adab0c8c9230a8f5

  • SHA1

    acdb32a7cedfd5eeb759a4296cd4219169988e0b

  • SHA256

    060ca3332c8f146c6a48691590f59be50fd4817f4dddc828fcb961f7c7740bc5

  • SHA512

    f4c762dfbf9ca627d172742ddd160da077bdd7e1bb31f96ee25284b02e5447636f809bea9528e4d3f67b44a8321d633e39279004db582ff7db6fd7d352c0885c

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks