General

  • Target

    042a51bcc2d0726338129404a7a47abcf7b230a0c43df3b98288141007d14f04

  • Size

    36KB

  • Sample

    220212-nnc5zsdeaj

  • MD5

    f8f2ad0a8b6c8a3ede5e32f30399d10f

  • SHA1

    3029478a37e94804189116bbb350d9c96e144292

  • SHA256

    042a51bcc2d0726338129404a7a47abcf7b230a0c43df3b98288141007d14f04

  • SHA512

    d46e3d8b12addd6953ed372ac944c644f681b3d9f9c76490114b04beeac54cd1ec7232dd26334e3a793161ebb8f99acc83062db0a97920efdff0c22f26ff519a

Malware Config

Targets

    • Target

      042a51bcc2d0726338129404a7a47abcf7b230a0c43df3b98288141007d14f04

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks