General

  • Target

    17994630908c7d6f550101f1cb87ac86f609854682e703b6d9a84bc1222461b5

  • Size

    99KB

  • Sample

    220212-dz2ydafdh3

  • MD5

    f06d59b5952d1dcb4c58bc81c226f8f5

  • SHA1

    e83242a3f03696e86bde70ca9ac6a027bce0fb58

  • SHA256

    17994630908c7d6f550101f1cb87ac86f609854682e703b6d9a84bc1222461b5

  • SHA512

    1a1917f04dfb1915752a87074e946a3105d14bc5a9095ef173aa6d6be5709bfe6271a4c42d66bd53713a2b7dd913512c40dc2a5e985afc9a86d0daf2d35cb76c

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks