General

  • Target

    18d00f31780680c6e04601ab004172d938e9f4017fa4f29fcfe6101e05ac334b

  • Size

    58KB

  • Sample

    220212-dhq5jsfbh8

  • MD5

    2111837035b997e7bcb417a242fc3b16

  • SHA1

    606d764a52da53475732a7d7189b0594162a10b1

  • SHA256

    18d00f31780680c6e04601ab004172d938e9f4017fa4f29fcfe6101e05ac334b

  • SHA512

    7f784c64ac97cd86c997348a1e93db48cc44934e1543d1b78aa4a539509e628790f390b5651d9157ea7c7e006498b221976f5342263013e6a407c555cdcc78aa

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
