General

  • Target

    18f889138a6159af9f83e8754bf8d4da67b0b00c68b3933450bd2361bc0f6152

  • Size

    58KB

  • Sample

    220212-dfjmpaggal

  • MD5

    7f4ae3be759d7059e79cf6252d1ba703

  • SHA1

    0b5274cb03dc0bc6342c7ee47345652f04625565

  • SHA256

    18f889138a6159af9f83e8754bf8d4da67b0b00c68b3933450bd2361bc0f6152

  • SHA512

    0cf56f2651ecb93af1119efeb6219308f746870b8a0be203fadfefc3f73a55ea5d11442888eb298c86e65d1ffb0987535118754a5c2433e6aac23c0ff260932d

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
