General

  • Target

    17c66a2ca49d12bb5b3cb13067997a908551b5a8756b2e745afca45a635367a8

  • Size

    176KB

  • Sample

    220212-dxb9yafde4

  • MD5

    d505aea61d332f9099131ca149bd4651

  • SHA1

    0f06ac3035d622bd152c17e631603a1058236f5c

  • SHA256

    17c66a2ca49d12bb5b3cb13067997a908551b5a8756b2e745afca45a635367a8

  • SHA512

    2f1e4ee1bf6e2299104c9badfa173b18fe02241cc445bd74c7bdfdd95cbddff7d25f3290bfbabc277ac9d360aa1e226a62eea20f5b56d89144b83a92bb281d40

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks