General

  • Target

    17bcdbeca03d7b7713b8994f8019ddcebcfce52f666e078760262641b9443a7a

  • Size

    100KB

  • Sample

    220212-dxv22sghhp

  • MD5

    9d2b371cf65733029fc71ff271491e1c

  • SHA1

    8cd06ecf9d5590bad1c31bca681dcce651260daf

  • SHA256

    17bcdbeca03d7b7713b8994f8019ddcebcfce52f666e078760262641b9443a7a

  • SHA512

    c0522b6822b39bebe8de02b137c85a7c5a3f68660983bb588664ae863507961bad5c2cc6203c9a420b9cf007690ffee8d628fdcf4b72c4a8313c1b6802494ef1

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks