General

  • Target

    16cc42f56fc2e4ba48149a0dc4f860908dfe1900f08f93c44f32edbe672a76b2

  • Size

    99KB

  • Sample

    220212-eccweaffc6

  • MD5

    08d9a58e140945f5935352e22f38a569

  • SHA1

    8b3c5689020de19a1073306675487d43f9216d04

  • SHA256

    16cc42f56fc2e4ba48149a0dc4f860908dfe1900f08f93c44f32edbe672a76b2

  • SHA512

    ce8aaad06aa11069f51fd899ec83e8ff3699ad3f9a6c478c408b593d063e06e6e848b3f99795cd1d68aa1ced66ac70b2d0c35565b6878b3ae310773d4a5daa23

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks