General

  • Target

    17147866e2eb992dfb419c23ed65dc8bf6f2f0743575ca3f4bfdb157d990a601

  • Size

    152KB

  • Sample

    220212-d7dwhsfef4

  • MD5

    d27d21b9c8c236be792c63a0e61998a7

  • SHA1

    38f8df18d1e17677d33f61e0cde07500b81ece80

  • SHA256

    17147866e2eb992dfb419c23ed65dc8bf6f2f0743575ca3f4bfdb157d990a601

  • SHA512

    5bf62760a816e2af58b8e69a33f47471d6e7afc39744942cc50da35ad60401245d3441c84220595560e4a52d767704ba7093d735d40392630dec57a1a834cd83

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks