General

  • Target

    180a9213e763a93786c1a954449e8b4b0adb8de9c8f5f2af0258e055e9f354d3

  • Size

    80KB

  • Sample

    220212-dtp2maghep

  • MD5

    9bb616dfe1e3d502fa754d8e96c1423e

  • SHA1

    74efa1e7bf6a72d236e9eece15917a831cf8ac29

  • SHA256

    180a9213e763a93786c1a954449e8b4b0adb8de9c8f5f2af0258e055e9f354d3

  • SHA512

    f182b4846811c515311534537d91b4bc86c6494f7b83b5e1a077df25d0c6e59a5293e8c04d46d52d1a142efa397b2d8c335fd28cbb4da2e4f3e56bac55e927fe

Malware Config

Targets

    • Target

      180a9213e763a93786c1a954449e8b4b0adb8de9c8f5f2af0258e055e9f354d3

    • Size

      80KB

    • MD5

      9bb616dfe1e3d502fa754d8e96c1423e

    • SHA1

      74efa1e7bf6a72d236e9eece15917a831cf8ac29

    • SHA256

      180a9213e763a93786c1a954449e8b4b0adb8de9c8f5f2af0258e055e9f354d3

    • SHA512

      f182b4846811c515311534537d91b4bc86c6494f7b83b5e1a077df25d0c6e59a5293e8c04d46d52d1a142efa397b2d8c335fd28cbb4da2e4f3e56bac55e927fe

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks