General

  • Target: 17062bfe716b21ccc798231164020195342a31b78d1097a71b8bb9a72b88c3fa
  • Size: 99KB
  • Sample: 220212-d8ngcahbbq
  • MD5: 07310774bfa3233a7d18f9469b0791cd
  • SHA1: 55ba11f177daa7e42837885eb18c1136a943e836
  • SHA256: 17062bfe716b21ccc798231164020195342a31b78d1097a71b8bb9a72b88c3fa
  • SHA512: a821669b61706512a3fcad13a2dc5459561d3dabae92088b769f63ff8e169fba1e34af0be6dccf1623d2cf6c7650841ae49600a2040c225931b88c20cd76eb3a

Malware Config

Targets

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Sakula Payload
    • Executes dropped EXE
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Deletes itself
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks