General

  • Target

    04f5d7b235c0c947ff795f1c58302a66a90c93b307401eafbc33615b4309856f

  • Size

    60KB

  • Sample

    220212-nbw3bsdcdq

  • MD5

    e6e2ebd47764c85a060f3757a654ee6b

  • SHA1

    351f7f2d430a7c299d31a95a45286d8d38202839

  • SHA256

    04f5d7b235c0c947ff795f1c58302a66a90c93b307401eafbc33615b4309856f

  • SHA512

    315688683595744f0e09e976df3d478ff7d9c6ebbc9d50f033c132dc2c3003bc4d89f74fa0a31d4d5c82f219fa1dae057c7ef05629e4ca25b4d9cef9e0d926e2

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
