General

  • Target

    049f773c70a9145e4b3e358578a9e703b26ce46a582cc89f814902fe77532840

  • Size

    99KB

  • Sample

    220212-nfv1tsbfg2

  • MD5

    f32cf7eb214b51d9ddd8b5898501c479

  • SHA1

    8caf0b0f0f263cf92073fd52a6e93d23f0160859

  • SHA256

    049f773c70a9145e4b3e358578a9e703b26ce46a582cc89f814902fe77532840

  • SHA512

    f5f4888d304af26df9ba570ce23119419ff23374171b9be8cf811bcd3936a461d5d01826c7d871899b80ef0acafd3adb8f82e22c22884c9a1a02d5cd21138e97

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6
