General

  • Target

    02741c5abfddab92146b369abec39a00f743474da72b97d11a7557167ce6bd45

  • Size

    60KB

  • Sample

    220212-palewacah5

  • MD5

    1eee7dbb88a4923a82c9d665706c0b3f

  • SHA1

    106ea1ce7aac00dc30711f076d543d812b2eca8c

  • SHA256

    02741c5abfddab92146b369abec39a00f743474da72b97d11a7557167ce6bd45

  • SHA512

    736cc9005bed7f7e47fd237cd77283248de5b89c9d73efeb0baee35714cc548299838416ea0bb56ee227910b8549109ac1dc520e745f949fbae6e8d25de9db24

Signatures
    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
