General

  • Target

    03a3561222ede6afaf88786e2cd44dce4f9208c3a7526199751aee8a2e117cf5

  • Size

    99KB

  • Sample

    220212-ntyc4sdegq

  • MD5

    71b8ef93810bd3b1a7a5aa03f55ebd13

  • SHA1

    3610b80e2a80179eaf452bca78469b3b4eccd91f

  • SHA256

    03a3561222ede6afaf88786e2cd44dce4f9208c3a7526199751aee8a2e117cf5

  • SHA512

    a7a2e1db442b2744280f6a9532950e365691782480a23b747960e6a17ade7b7aeb4db2770626a384dc06d4da690455bbf98c3525f38982f3e65e4a1b5a5bc64c

Malware Config

Targets

    • Target

      03a3561222ede6afaf88786e2cd44dce4f9208c3a7526199751aee8a2e117cf5

    • Size

      99KB

    • MD5

      71b8ef93810bd3b1a7a5aa03f55ebd13

    • SHA1

      3610b80e2a80179eaf452bca78469b3b4eccd91f

    • SHA256

      03a3561222ede6afaf88786e2cd44dce4f9208c3a7526199751aee8a2e117cf5

    • SHA512

      a7a2e1db442b2744280f6a9532950e365691782480a23b747960e6a17ade7b7aeb4db2770626a384dc06d4da690455bbf98c3525f38982f3e65e4a1b5a5bc64c

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks