Overview

overview

10

Static

static

10

16dfc02c02...7c.exe

windows7_x64

10

16dfc02c02...7c.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    16dfc02c02129c013dbc3371ad91d786b40b9ecf3f958aea44901db98e341a7c

  • Size

    89KB

  • Sample

    220212-eav9zaffb2

  • MD5

    d9c432d8884833ecb498caaf10aaa5f0

  • SHA1

    e8a06666439ae04cc219d98a879b473d226ff535

  • SHA256

    16dfc02c02129c013dbc3371ad91d786b40b9ecf3f958aea44901db98e341a7c

  • SHA512

    4a90221114e9c8bd64b52c3ca1b6a709747083aa8f868d2b0eaa27221bbd2cb027eb76d4f9abf658c93dabf5564cf7c28b2305f4f7a466319c1b14bcf6b3496f

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      16dfc02c02129c013dbc3371ad91d786b40b9ecf3f958aea44901db98e341a7c

    • Size

      89KB

    • MD5

      d9c432d8884833ecb498caaf10aaa5f0

    • SHA1

      e8a06666439ae04cc219d98a879b473d226ff535

    • SHA256

      16dfc02c02129c013dbc3371ad91d786b40b9ecf3f958aea44901db98e341a7c

    • SHA512

      4a90221114e9c8bd64b52c3ca1b6a709747083aa8f868d2b0eaa27221bbd2cb027eb76d4f9abf658c93dabf5564cf7c28b2305f4f7a466319c1b14bcf6b3496f

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks