General

  • Target

    0429aa653e64d95d0e2d8371f25d25b817230f51dc68716011601b8ecb2455d1

  • Size

    58KB

  • Sample

    220212-nng4yadeam

  • MD5

    7c667d7b588421a8aab326b5594d1cf2

  • SHA1

    29d8c88473a9b7fb2c0420852697268d07b11756

  • SHA256

    0429aa653e64d95d0e2d8371f25d25b817230f51dc68716011601b8ecb2455d1

  • SHA512

    34a34013fcc47ea5dd2d4b7899dc5dfe8d81e97fd603f054324e64c75c995e13a4808fbf81d165dda507557d10f5f9a3f312b1bca6978a57355108829a2f3a03

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
