General

  • Target

    02851f67b0801ac46417309807fcab3c82f8a0f9cf237e553afc06f043170fd3

  • Size

    150KB

  • Sample

    220212-n85ezacag2

  • MD5

    a1839f6fd9d07f0ee3ae65aa20318fad

  • SHA1

    0b119f4e3c2168c6f3f6dbc0e995a578a1c0196b

  • SHA256

    02851f67b0801ac46417309807fcab3c82f8a0f9cf237e553afc06f043170fd3

  • SHA512

    dfb90ada03ce51a170a55ca6b9d0b37f7c691d247c78b7cff3b17ce19d9a230c8e84f3874847280c19545afbf8d1af4366da0b0eed488adf39d907ec307d5e14

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
