General

  • Target

    18cb1838712cca78768c5381ec120642f5c66b370291b258dc90cf372ad0caf1

  • Size

    36KB

  • Sample

    220212-dh1c8afca3

  • MD5

    a8706e1e2905b556a927049b716c4e85

  • SHA1

    0729083d60cd6fd0ac3e5d0f00ac5781daeec951

  • SHA256

    18cb1838712cca78768c5381ec120642f5c66b370291b258dc90cf372ad0caf1

  • SHA512

    b88050f01d73b8dd3074815275ea3ea7aa065dc1ddd4d7e2d5a96bfd5882a3bfc9e728f6994a07e67f668ed884217b12c19239b5c156c0105a677470f84212f5
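
The report gives four digests for the same 36KB file. Before working from a copy of the sample, a practitioner should confirm it reproduces the whole hash set, not just the SHA256; a match on some digests but not others means a transcription error or a collision. The script below is an added example, not part of the report or the sandbox's tooling: it hashes a file in one streaming pass and compares every algorithm against the values listed above. The sample bytes used in the test are constructed, not the real binary.

```python
import hashlib

# Hash set copied from the General section of the report.
REPORT_HASHES = {
    "md5": "a8706e1e2905b556a927049b716c4e85",
    "sha1": "0729083d60cd6fd0ac3e5d0f00ac5781daeec951",
    "sha256": "18cb1838712cca78768c5381ec120642f5c66b370291b258dc90cf372ad0caf1",
    "sha512": "b88050f01d73b8dd3074815275ea3ea7aa065dc1ddd4d7e2d5a96bfd5882a3bf"
              "c9e728f6994a07e67f668ed884217b12c19239b5c156c0105a677470f84212f5",
}


def digest_stream(chunks):
    """Compute every digest in the report's hash set in a single pass.

    Returns (digests, size_in_bytes); size is reported alongside so the
    36KB figure from the report can be sanity-checked too.
    """
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    size = 0
    for chunk in chunks:
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}, size


def digest_file(path, chunk_size=1 << 20):
    """Stream a file from disk through digest_stream()."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk_size), b""))


def compare_to_report(digests, expected=REPORT_HASHES):
    """Per-algorithm match flags against the report's values.

    All True: this is the reported sample.  Mixed: the hashes were copied
    wrongly or you are looking at a different file that collides on one
    algorithm.  All False: a different file.
    """
    return {name: digests.get(name, "").lower() == value.lower()
            for name, value in expected.items()}


def is_report_sample(data: bytes) -> bool:
    """True only if every digest in the report matches `data`."""
    digests, _ = digest_stream([data])
    return all(compare_to_report(digests).values())


if __name__ == "__main__":
    import sys
    digests, size = digest_file(sys.argv[1])
    print(f"size: {size} bytes (~{size / 1024:.1f}KB)")
    for name, ok in compare_to_report(digests).items():
        print(f"{name:6s} {'MATCH' if ok else 'mismatch'}  {digests[name]}")
```

Run it as `python verify.py sample.bin`; every line must read MATCH before the behaviours below can be attributed to the file you hold.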

Targets

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan. The behaviours listed below are the ones this sample exhibited during the sandbox run.

    • Executes dropped EXE

      A file written to disk during the run was subsequently launched as a new process.

    • Checks computer location settings

      Reads the country code configured in the registry (on Windows the per-user value is HKCU\Control Panel\International\Geo\Nation), most likely as a geofence so the payload only runs in selected locales.

    • Deletes itself

      The original executable is removed after it has run, leaving only the dropped files on disk.

    • Loads dropped DLL

      A DLL written to disk during the run was loaded into a process.

    • Adds Run key to start application

      Writes an autostart entry under a CurrentVersion\Run key so the dropped binary is launched again at logon (persistence). The dropped file paths and the Run key value name are not included in this excerpt of the report.
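
The signatures above are each derived from one or two API calls in the sandbox's trace. The script below is an added example, not the sandbox's own signature engine: it replays a constructed API trace (the file paths, PIDs and command lines are hypothetical, since the report excerpt does not give the real dropped-file names) and maps the calls onto the five behaviours listed, including the usual self-delete pattern where a dropper hands the `del` to a child cmd.exe because a running image cannot unlink itself.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ApiCall:
    """One entry of a (constructed) sandbox API trace."""
    pid: int
    api: str
    args: dict


# Registry locations behind two of the signatures. These are Windows facts,
# not values taken from this sample's report.
GEO_KEY_SUFFIX = r"\control panel\international\geo"   # value "Nation" = country code
RUN_KEY_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")

# Hypothetical paths for the constructed trace.
SAMPLE_PATH = r"C:\Users\victim\AppData\Local\Temp\sample.exe"
DROP_DIR = r"C:\Users\victim\AppData\Roaming\updater"

# Constructed trace, in the order a dropper would typically produce it.
TRACE = [
    ApiCall(1000, "RegQueryValueExW",
            {"key": r"HKCU\Control Panel\International\Geo", "value": "Nation"}),
    ApiCall(1000, "CreateFileW",
            {"path": DROP_DIR + r"\update.exe", "access": "GENERIC_WRITE"}),
    ApiCall(1000, "CreateFileW",
            {"path": DROP_DIR + r"\helper.dll", "access": "GENERIC_WRITE"}),
    ApiCall(1000, "CreateProcessW",
            {"command_line": '"' + DROP_DIR + r'\update.exe"'}),
    ApiCall(1001, "LoadLibraryW", {"path": DROP_DIR + r"\helper.dll"}),
    ApiCall(1001, "RegSetValueExW",
            {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
             "value": "update", "data": DROP_DIR + r"\update.exe"}),
    # Self-delete via a delayed child shell; the parent exits before `del` runs.
    ApiCall(1000, "CreateProcessW",
            {"command_line": 'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "'
                             + SAMPLE_PATH + '"'}),
]

# `del [/switches] path` with an optionally quoted path, stopping at & or |.
_DEL_RE = re.compile(r'\bdel\b\s+(?:/[a-z]\s+)*"?([^"&|]+?)"?\s*(?:$|[&|])',
                     re.IGNORECASE)


def _image_from_command_line(cmd: str) -> str:
    """Return the (lower-cased) executable a command line starts with."""
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', cmd)
    return (m.group(1) or m.group(2)).lower() if m else ""


def analyse(trace, sample_path=SAMPLE_PATH):
    """Map API calls onto the report's signature names, in trace order."""
    findings = []
    written = set()            # paths this run opened for writing
    sample = sample_path.lower()
    for call in trace:
        a = call.args
        if call.api == "CreateFileW" and "WRITE" in a.get("access", ""):
            written.add(a["path"].lower())
        elif call.api == "CreateProcessW":
            cmd = a["command_line"]
            image = _image_from_command_line(cmd)
            if image in written:
                findings.append(("Executes dropped EXE", image))
            m = _DEL_RE.search(cmd)
            if m and m.group(1).strip().lower() == sample:
                findings.append(("Deletes itself", cmd))
        elif call.api == "LoadLibraryW" and a["path"].lower() in written:
            findings.append(("Loads dropped DLL", a["path"]))
        elif (call.api == "RegQueryValueExW"
              and a["key"].lower().endswith(GEO_KEY_SUFFIX)
              and a["value"].lower() == "nation"):
            findings.append(("Checks computer location settings",
                             a["key"] + "\\" + a["value"]))
        elif call.api == "RegSetValueExW" and a["key"].lower().endswith(RUN_KEY_SUFFIXES):
            findings.append(("Adds Run key to start application",
                             f'{a["key"]}\\{a["value"]} = {a["data"]}'))
    return findings


if __name__ == "__main__":
    for name, detail in analyse(TRACE):
        print(f"{name}: {detail}")
```

One caveat when turning this into host detection: Sysmon records Run key writes (registry event ID 13) and process creation, but it does not log registry reads, so the Geo\Nation lookup is only visible in an API-level trace or a sandbox report like this one.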
