General

  • Target

    18d77f871460b8b0c760d2965bc265350056f449f4d229a5e3b4867049bf2241

  • Size

    92KB

  • Sample

    220212-dhkb1afbh5

  • MD5

    b6eb8f16cd609dafe310c5e033532ef8

  • SHA1

    e1c893f72847b12757a4aa5d70c23245ce62cc29

  • SHA256

    18d77f871460b8b0c760d2965bc265350056f449f4d229a5e3b4867049bf2241

  • SHA512

    14e747ead4cda8b819e8bd039b3b2c9df3cb2e7093dfab501af85f9851d449a38cf2fd7fb44fb27f574e6e5423012d94d168175edfb889ce892f9dfae3ac0a59

Targets

    • Target

      18d77f871460b8b0c760d2965bc265350056f449f4d229a5e3b4867049bf2241

    • Size

      92KB

    • MD5

      b6eb8f16cd609dafe310c5e033532ef8

    • SHA1

      e1c893f72847b12757a4aa5d70c23245ce62cc29

    • SHA256

      18d77f871460b8b0c760d2965bc265350056f449f4d229a5e3b4867049bf2241

    • SHA512

      14e747ead4cda8b819e8bd039b3b2c9df3cb2e7093dfab501af85f9851d449a38cf2fd7fb44fb27f574e6e5423012d94d168175edfb889ce892f9dfae3ac0a59

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan (RAT) that gives its operator remote control of the infected host; the entries below are the behaviour rules this run triggered.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry (typically under HKCU\Control Panel\International); this is likely a geofence check so the sample can refuse to run in certain locales.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
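
An added example (not part of the sandbox report and not Sakula's own code) of how the behaviour flags listed above can be derived from a process-monitor style event trace. The event schema, file paths, registry keys and process IDs in the trace are constructed for illustration and are not taken from this sample:

```python
"""Behavioural triage over a constructed event trace.

The SAMPLE_TRACE below is constructed for this example; paths and PIDs are
hypothetical and are not observations from the sandbox run above.
"""
import re

# Labels mirror the behaviour rules reported on the page.
LABELS = (
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Checks computer location settings",
    "Adds Run key to start application",
    "Deletes itself",
)

# Run / RunOnce keys under HKCU or HKLM.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# Country code lives under Control Panel\International (Geo\Nation on modern Windows).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International(\\Geo)?$", re.IGNORECASE)
# Shell deletion verbs inside a spawned command line.
DELETE_VERB_RE = re.compile(r"(^|[\s/])(del|erase)\s", re.IGNORECASE)


def analyze(events):
    """Return {label: bool} for the five behaviours over an ordered event trace."""
    hits = {label: False for label in LABELS}
    image_of = {}      # pid -> executable image path
    dropped = set()    # paths written by any process in the trace (lower-cased)

    for ev in events:
        kind = ev["type"]
        if kind == "FileCreate":
            dropped.add(ev["path"].lower())
        elif kind == "ProcessCreate":
            image = ev["image"]
            image_of[ev["pid"]] = image
            if image.lower() in dropped:
                hits["Executes dropped EXE"] = True
            # Self-deletion: a child (usually cmd.exe) deleting the parent's own image.
            parent = image_of.get(ev["ppid"], "")
            cmdline = ev.get("cmdline", "")
            if parent and DELETE_VERB_RE.search(cmdline) and parent.lower() in cmdline.lower():
                hits["Deletes itself"] = True
        elif kind == "ImageLoad":
            path = ev["path"].lower()
            if path.endswith(".dll") and path in dropped:
                hits["Loads dropped DLL"] = True
        elif kind == "RegistryRead":
            if GEO_KEY_RE.search(ev["key"]):
                hits["Checks computer location settings"] = True
        elif kind == "RegistryWrite":
            if RUN_KEY_RE.search(ev["key"]):
                hits["Adds Run key to start application"] = True
    return hits


# Constructed trace (hypothetical paths/PIDs): a dropper writes and runs a payload,
# which loads a dropped DLL, reads the country code, persists, and cleans up.
SAMPLE_TRACE = [
    {"type": "ProcessCreate", "pid": 100, "ppid": 1,
     "image": r"C:\Users\user\Desktop\sample.exe"},
    {"type": "FileCreate", "pid": 100, "path": r"C:\Users\user\AppData\Local\Temp\payload.exe"},
    {"type": "FileCreate", "pid": 100, "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "ProcessCreate", "pid": 200, "ppid": 100,
     "image": r"C:\Users\user\AppData\Local\Temp\payload.exe"},
    {"type": "ImageLoad", "pid": 200, "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "RegistryRead", "pid": 200,
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "RegistryWrite", "pid": 200,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "payload", "data": r"C:\Users\user\AppData\Local\Temp\payload.exe"},
    {"type": "ProcessCreate", "pid": 300, "ppid": 100,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c del "C:\Users\user\Desktop\sample.exe"'},
]

if __name__ == "__main__":
    for label, hit in analyze(SAMPLE_TRACE).items():
        print(f"{'HIT ' if hit else '    '} {label}")
```

The "Deletes itself" rule deliberately requires the deleted path to equal the parent process image, so an ordinary `cmd /c del` of a temp file does not fire it; the "dropped" rules key on files the trace itself saw written, which is how a sandbox distinguishes a dropped binary from a pre-existing one.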

MITRE ATT&CK Enterprise v6
