General

  • Target

    042d3b3f7955e2406c4ac68a338a22bb8ed28993fe108a0d71ef990edfc6a8b8

  • Size

    216KB

  • Sample

    220212-nm8v9sbgd6

  • MD5

    b7265e19c3f6b5392a05b8b787e13d97

  • SHA1

    8d6c55dcdd9877630bf8ff16808b6b849128189a

  • SHA256

    042d3b3f7955e2406c4ac68a338a22bb8ed28993fe108a0d71ef990edfc6a8b8

  • SHA512

    591e0153d948149e66d7b58549855c920c7d553714e1075c57e646d0392677fe7fe8ec770658a0f4e30fe2d19af6f0671a84bb3e9247d3a1b4970e12d6cbb06b

Malware Config

Targets

    • Target

      042d3b3f7955e2406c4ac68a338a22bb8ed28993fe108a0d71ef990edfc6a8b8

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
