General

  • Target

    176a9c79497aab42a4071218e86668c749c5a1021c681084dd693b2d11519b50

  • Size

    36KB

  • Sample

    220212-d3l2bsfeb5

  • MD5

    d7a985579d49153e33db7a8442c8331f

  • SHA1

    b535cf9abaa0988aa907f908b3ac7a687bee69ad

  • SHA256

    176a9c79497aab42a4071218e86668c749c5a1021c681084dd693b2d11519b50

  • SHA512

    7279c6fb495e7e8d3ae6134762b409e42529a4900ba22330f8915d471d17e0fafa0b7d015fa1eb18ec7dee65589606ebb967e189d1d689f05cc577fb196430b2

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
