General

  • Target

    04101dfe1ba014c35a6a3f5e2f346f545b1219f4b683ff6d43376289840634f8

  • Size

    60KB

  • Sample

    220212-npe1zabge7

  • MD5

    41b8f2e81bf59120d05ef0508dc84e6a

  • SHA1

    a3cc7abd35d6e013b8170441c367f39cbebaf73d

  • SHA256

    04101dfe1ba014c35a6a3f5e2f346f545b1219f4b683ff6d43376289840634f8

  • SHA512

    921e726eab61070819948fc115b1247178a294f35a30e17041fcf94c293181bb99f82c749fc61fcd9c2c4bd8dcda84acf7e4b79eec10e31a9998a8e57dbaa94f

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
