General

  • Target

    05de3efeb1dc50be4a36ab0a22523975fcd7411b8b099a154293c484b5b2f018

  • Size

    89KB

  • Sample

    220212-mzhn6sbdg5

  • MD5

    dd047a7b40608c0148809dd66e60b578

  • SHA1

    dc7ecea3a5648572796a160b4a49485181c75278

  • SHA256

    05de3efeb1dc50be4a36ab0a22523975fcd7411b8b099a154293c484b5b2f018

  • SHA512

    56d4a213506cbf6051473823e38a09c560ca381608ef3de355dd06d643423c6b1a27044c918d67376bd4f6909685f63a407110eaabbee8e1a4c620146a735e2b

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
