General

  • Target

    040e504f41f149e15320f1f456cc012c9d4422d4c2e949582a5240b8bc3a4781

  • Size

    60KB

  • Sample

    220212-npg6bsbge9

  • MD5

    118b606dd47079e0a137370ed96e182d

  • SHA1

    22770e146365e45b409156e4cd32901d7c6f8444

  • SHA256

    040e504f41f149e15320f1f456cc012c9d4422d4c2e949582a5240b8bc3a4781

  • SHA512

    4ba76ab32f2a143cc699ff80c530697cc4cf258c2b090a5fe7ff5c3ecc83c7ce1e361a10a3937eb1c09886cafa58cac12451fcb5faae9d67395a947492f8c78e

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
