General

  • Target

    05e53f57619ffc96b8fafebb1e603d408d512bcac396b09309cb4cb379cc939f

  • Size

    35KB

  • Sample

    220212-mzbkvsdahn

  • MD5

    126960f2e0e10692a15ac04565fa36e5

  • SHA1

    341b78a1f09f5fff146043c5479ffc86e64caf45

  • SHA256

    05e53f57619ffc96b8fafebb1e603d408d512bcac396b09309cb4cb379cc939f

  • SHA512

    9c2b65ef78e46388fbb826732326c299fb92dbc2e04103814c51fbf354b4e1157348abcedc27085971cd56b87fc74c5efa882156bcb4f0b6a202fd71d03dc10f

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks