General

  • Target: 05d12c05201460cc6da9c6bdf7063d85ce816e45f58323e68b15d144013f9f1f

  • Size: 99KB

  • Sample: 220212-mz4awabdh5

  • MD5: 1f8eea79ae56e10220fdf228e0e55568

  • SHA1: d10515cbad5954dcb5e6e4633660c885d0cf3816

  • SHA256: 05d12c05201460cc6da9c6bdf7063d85ce816e45f58323e68b15d144013f9f1f

  • SHA512: b29e2fbe8f974571abb70df3b981a7cf665fdbe17143c0dc215a9290328322d703391d1e330791043e04d1a951499f2b37690820072e3c7d9d6cf844ef4b135d

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
