General

  • Target

    04c6b6290f2fc193787b104bc68eef6a068ad284e2b2bcce995dbb416bb91e5c

  • Size

    80KB

  • Sample

    220212-ndyc6sdcgm

  • MD5

    a9d2f5dc58452bb8919ed97b070ef830

  • SHA1

    61106d379885e5eddb3d57c66f9bd1b039264f1f

  • SHA256

    04c6b6290f2fc193787b104bc68eef6a068ad284e2b2bcce995dbb416bb91e5c

  • SHA512

    cfb3016e3027cf089aec77f3ec31c53db8a9b817d8da4821509fd738f8400e778ad8094e2a5aae2b0c625a5c2ab29010689c4dee5aba11adc279ec6a33f7c7e3

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks