General

  • Target

    16f2cb030ae0c1e60de3349b678a4a7c0c80a14814dc81717e060e117da76d18

  • Size

    80KB

  • Sample

    220212-d9e7cshbcj

  • MD5

    97286f1a9e13954775f6b27ef0751105

  • SHA1

    4c5e00a132d33b3988945b973f34db5fb85ba6c0

  • SHA256

    16f2cb030ae0c1e60de3349b678a4a7c0c80a14814dc81717e060e117da76d18

  • SHA512

    34ad7d8e6f01fc86ca8b902331c2eecb86646f58e5eddac7f250655faf94a6a5477e6c0232efcc779b27ce3147360243076cd04cf4fc8e931218019dd527bb19

Malware Config

Targets

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan used in targeted intrusions. It is typically delivered by a dropper that writes the payload to disk, registers it for persistence and removes the original file; the implant then beacons to its command-and-control server over HTTP and lets the operator download and execute additional files and run commands on the host.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry (HKCU\Control Panel\International\Geo\Nation), a common geofencing check used to avoid running on hosts in unwanted regions.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
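
Taken together, the behaviours above (drop an executable or DLL, add a Run key, execute the dropped file, delete the original) leave an autostart entry that points into a directory the current user can write to. The script below, an added example and not part of the sandbox report, triages a `reg query` export of the HKCU Run key for exactly that footprint; the registry export it parses is constructed for illustration and none of the entries come from the analysed sample.

```python
"""Triage a Run-key export for autostart entries that launch from user-writable
locations, the footprint of a dropper that writes a payload to disk, adds a
Run key and executes the dropped EXE or DLL.  Added example, not part of the
sandbox report; the registry export below is constructed for illustration."""
import re
from typing import List, Tuple

# Constructed stand-in for the output of
#   reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
# None of these entries come from the analysed sample.
REG_QUERY_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Update Service    REG_SZ    C:\Users\alice\AppData\Local\Temp\update\update.exe
    Helper    REG_SZ    rundll32.exe C:\ProgramData\helper\helper.dll,Start
"""

# One value line of `reg query` output: name, type, data, separated by runs of spaces.
VALUE_RE = re.compile(r"^\s+(.+?)\s{2,}(REG_[A-Z_]+)\s{2,}(.*)$")

# Path fragments that an unprivileged user (and therefore a dropper running
# as that user) can write to.  Matched case-insensitively on the launched path.
USER_WRITABLE = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\programdata\\",
    "\\users\\public\\",
    "\\windows\\temp\\",
)


def launched_path(data: str) -> str:
    """Extract the file that a Run value actually starts.

    Handles quoted paths with arguments, bare paths, and rundll32 hosts,
    where the DLL argument (not rundll32 itself) is the thing to inspect."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    m = re.match(r'(?i)rundll32(?:\.exe)?\s+"?([^",]+)', data)
    if m:
        return m.group(1).strip()
    m = re.match(r"(?i)(.*?\.(?:exe|dll|scr|com))(?:\s|$)", data)
    return m.group(1) if m else (data.split() or [""])[0]


def suspicious_run_entries(reg_output: str) -> List[Tuple[str, str, str]]:
    """Return (value name, launched path, reason) for each entry that starts
    something from a user-writable directory.  Vendor software installed under
    AppData\\Local\\<Vendor> (OneDrive in the sample data) is deliberately not
    flagged, since that is where such per-user installers legitimately live."""
    findings = []
    for line in reg_output.splitlines():
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, _reg_type, data = m.groups()
        path = launched_path(data)
        low = path.lower().replace("/", "\\")
        for marker in USER_WRITABLE:
            if marker in low:
                findings.append((name, path, "launches from user-writable path " + marker))
                break
    return findings


if __name__ == "__main__":
    for name, path, reason in suspicious_run_entries(REG_QUERY_OUTPUT):
        print(f"[!] {name}: {path} ({reason})")
```

On a live host, feed it the output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` (and the HKLM key, and the RunOnce variants) and follow up each hit by hashing the launched file with the hash checker above in the General section; a hit whose file has already been deleted is consistent with the "Deletes itself" behaviour and is worth pulling from the host's MFT or prefetch rather than dismissing.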

MITRE ATT&CK Enterprise v6

Tasks