General

  • Target: 041789d1ed6672c7bfa33287bb41da71a07b34445b71b31df4a66d4fb8f665f3
  • Size: 60KB
  • Sample: 220212-nn8xnadebk
  • MD5: 96ae70512cca8641a8180add0668a347
  • SHA1: 317b95fb25e92ea81dfc503470dc6bc54c3c41a0
  • SHA256: 041789d1ed6672c7bfa33287bb41da71a07b34445b71b31df4a66d4fb8f665f3
  • SHA512: d72c73f54c5734e785a0f926fc74663ba2165719fdd5bb825ac9a1c6a05b6b9999136c476887ee43c2780f9d98ceff381a67d89f139d35c82a58c416210acadd

Malware Config

Targets

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Executes dropped EXE
    • Checks computer location settings: Looks up country code configured in the registry, likely geofence.
    • Deletes itself
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v6