Overview

overview

10

Static

static

10

4882622a4c...76.exe

windows7_x64

10

4882622a4c...76.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4882622a4c8ab3952d8594a25e372dc2d4abc1f289b4aa695cc19cfa2522f476

  • Size

    101KB

  • Sample

    220323-ljl6zsbgd5

  • MD5

    c5b1f1974636a83b70a0c606a81cc2b0

  • SHA1

    c28159ca7d6a6e27cc96a945b35fe476290248b7

  • SHA256

    4882622a4c8ab3952d8594a25e372dc2d4abc1f289b4aa695cc19cfa2522f476

  • SHA512

    e732610be35754ec8fd0df291d233043b5ab4ddaab3b66389cd444c9411e43c281777e2e4efeaecc1bcd69c543f1970e8c8e7dc0d09f933ca574e8ed86862f15

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      4882622a4c8ab3952d8594a25e372dc2d4abc1f289b4aa695cc19cfa2522f476

    • Size

      101KB

    • MD5

      c5b1f1974636a83b70a0c606a81cc2b0

    • SHA1

      c28159ca7d6a6e27cc96a945b35fe476290248b7

    • SHA256

      4882622a4c8ab3952d8594a25e372dc2d4abc1f289b4aa695cc19cfa2522f476

    • SHA512

      e732610be35754ec8fd0df291d233043b5ab4ddaab3b66389cd444c9411e43c281777e2e4efeaecc1bcd69c543f1970e8c8e7dc0d09f933ca574e8ed86862f15

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks