Overview

overview

10

Static

static

10

efb2aac42a...36.exe

windows7_x64

10

efb2aac42a...36.exe

windows10_x64

10

efb2aac42a...36.exe

windows10-2004_x64

10

Resubmissions

24-02-2022 11:09

220224-m8635achc5 10

30-09-2021 07:38

210930-jgeb9aghd5 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    efb2aac42ae3c336beae35ea0063d1cec78261857a246693fd9d91a233b43636

  • Size

    3.9MB

  • Sample

    220224-m8635achc5

  • MD5

    0c91f541c351849c1b48be81b7e4f197

  • SHA1

    bda480d45467f44a36c6ac046a08b0b3b2e6bf83

  • SHA256

    efb2aac42ae3c336beae35ea0063d1cec78261857a246693fd9d91a233b43636

  • SHA512

    940176cdb87ada4590adb2ffa6fdb5694b950f7dc5f5a2b7f3d44b619de577efc46681e0b0e707137996b7aceec01e722804f2b2a046db3b7f45e7dda46e9b1c

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      efb2aac42ae3c336beae35ea0063d1cec78261857a246693fd9d91a233b43636

    • Size

      3.9MB

    • MD5

      0c91f541c351849c1b48be81b7e4f197

    • SHA1

      bda480d45467f44a36c6ac046a08b0b3b2e6bf83

    • SHA256

      efb2aac42ae3c336beae35ea0063d1cec78261857a246693fd9d91a233b43636

    • SHA512

      940176cdb87ada4590adb2ffa6fdb5694b950f7dc5f5a2b7f3d44b619de577efc46681e0b0e707137996b7aceec01e722804f2b2a046db3b7f45e7dda46e9b1c

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v6

Tasks