General

  • Target

    16e8480702840026d541348dd4426e5351c18c754b4adad882c1da48a5ae89b8

  • Size

    36KB

  • Sample

    220212-d953saffa7

  • MD5

    eb6c717bac50086833a1ca1f95130c7b

  • SHA1

    0465fdd67475a80fbf6649746686ec4f446fffbb

  • SHA256

    16e8480702840026d541348dd4426e5351c18c754b4adad882c1da48a5ae89b8

  • SHA512

    1bd2531d53dd058b00c74e4f464b60392d074975329ecf82119b1206f292841fa18db21411188aa942f9ca86456bb981e5a75a4af4eca89ca6e2617f584ed654

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
