General

  • Target

    17687c90b19a839be3b236f16615b3f32e0f8b7681fb6f2ee6d152ef9b9c6c1a

  • Size

    35KB

  • Sample

    220212-d3stwafeb6

  • MD5

    9c2aa3bd2b568ad97c8c650ff26729a9

  • SHA1

    310d3c213eb06d82843403f7588b51c805463b4d

  • SHA256

    17687c90b19a839be3b236f16615b3f32e0f8b7681fb6f2ee6d152ef9b9c6c1a

  • SHA512

    0859662174ada120522edddffbab410b080249304d2462f4084fe05faae7dc6ef1bf3984833b0b103f84f4cc5e6e2495b0ee0953a31ecd86dafe10de67c4c406

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
