General

  • Target

    0046fa86e5ad1bbca039b611ffb857d82b20e5be272b19b83aa1dc6c90df47c4

  • Size

    80KB

  • Sample

    220212-p2m3saecam

  • MD5

    a6974198eb53d0e73896502c65b886bd

  • SHA1

    6e69955cb1c8985bd77ec20f440c1b0fcf527bc1

  • SHA256

    0046fa86e5ad1bbca039b611ffb857d82b20e5be272b19b83aa1dc6c90df47c4

  • SHA512

    4cce15eea75c785dbdb4f0f133f3a15cf8b02323dd4f0fa7173c7d66491d6d5574f059fd57b56e031bc45b976f6839c8d344aa1b54ebca9cc317a4e2bdf4b702

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks