General

  • Target

    05d937ee6b04d9c64e2ba0abe440b5e888e1b70fc8bf4a0518f896d08aa6a6d2

  • Size

    192KB

  • Sample

    220212-mzy16abdh3

  • MD5

    0a14b6a5b5bef15d7418404c5a3f8ca2

  • SHA1

    df74b88e00e15d3863c45ddc309e224d93fcdb04

  • SHA256

    05d937ee6b04d9c64e2ba0abe440b5e888e1b70fc8bf4a0518f896d08aa6a6d2

  • SHA512

    062fae83a3c26e92b60700de310544d125caa9377cb4b140d09c963c413d69875ca7dc1fc17973a444f073f20c8b7e74d3764cb79c75b78239f28ffc4ed9079a

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks