General

  • Target

    18d19f5386fcb5e3795d29bb256aadb27c223ab1a972c9ceb72d0916ae671c0c

  • Size

    100KB

  • Sample

    220212-dhpaysfbh7

  • MD5

    633106a3684ff74c024334120b22991c

  • SHA1

    5496a3cd81722cd99a92c26ae21f9666af02ed80

  • SHA256

    18d19f5386fcb5e3795d29bb256aadb27c223ab1a972c9ceb72d0916ae671c0c

  • SHA512

    918ffbba177f1bafa334bdbf6c1db47881a0420ab48b68d6d4aa46c1a1e100e3345934626b7413fc2e91e5ef4a3c22e5bbe94d0861c5eea71d8123d9e55d8ca5

Malware Config

Targets

    • Target

      18d19f5386fcb5e3795d29bb256aadb27c223ab1a972c9ceb72d0916ae671c0c

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks