General

  • Target

    028977d5fe9fa05d34e35eb2c870c08be77967f9f69f13006cb452a9dd736584

  • Size

    58KB

  • Sample

    220212-n8lymadgej

  • MD5

    acb548b00bba3f862975ba2388749182

  • SHA1

    9d3b356a029bffe2414399487d39ba806223c120

  • SHA256

    028977d5fe9fa05d34e35eb2c870c08be77967f9f69f13006cb452a9dd736584

  • SHA512

    277745a8affe060cc26f9693322df6871743e222c98fcdd618e897a003afb66da19124830bafd83c8fe8ed32103f4fc16ec84a3c82d65c6c5aeb7f083db20974

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
