General

  • Target

    16b4159c3f8a8086afd2e4fcf15770cef603ae8d2d8571ccbf21f921033e0c21

  • Size

    79KB

  • Sample

    220212-edv4dahbhl

  • MD5

    6b94b0c2a67b3c0d889800de0f0cbd9c

  • SHA1

    2299421c83965da1b456fa5398ca6dd9411f128e

  • SHA256

    16b4159c3f8a8086afd2e4fcf15770cef603ae8d2d8571ccbf21f921033e0c21

  • SHA512

    211c2badf81469932c54e4f34998050d2eeefea2501509d73fd6fad87a22939cda9a3a0071e1980673a26fc6f56548354d6caadf1e64978a2d9ec18c3d39a852

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks