General

  • Target

    17c8e2672865794de0003be75de7bad165d43309285816ab040cd3f99ef1a40d

  • Size

    176KB

  • Sample

    220212-dw24zafdd9

  • MD5

    b323d55ae29fbdebdb56faf23b965faa

  • SHA1

    3a7aa445d3d457ce009aeed5d3818b43ee554f51

  • SHA256

    17c8e2672865794de0003be75de7bad165d43309285816ab040cd3f99ef1a40d

  • SHA512

    f8cc514b7e27687ecc98cfceb884d42ff83826f0a15d520b57a979a63ceee4af4cb0872755bd43452564cffd402afe4e41345e94bed062b7d835a7487093a076

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks