General

  • Target

    028778a0dd1db74874ca94212daf6b779b72acdd9b75226040c3ae186560c858

  • Size

    60KB

  • Sample

    220212-n8s2yadgel

  • MD5

    247305feca3a5ce97b50efe0c34846e8

  • SHA1

    5881f2497dfc4acaeef3c6a2da4c5dd228bc1f13

  • SHA256

    028778a0dd1db74874ca94212daf6b779b72acdd9b75226040c3ae186560c858

  • SHA512

    3b6fb81c643c358e5996992ab54919a8b635af06468e2fa87cbe9d0ba0356fafe0052954672513d52c4b72e3cf5bf14b01c5e482bb182edada48995992cbd59e

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence to restrict where the sample runs.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
