General

  • Target

    1699f7848879bf482969a42aed6922e9d1232f22344c8d08d79b7c176a7f4ab0

  • Size

    120KB

  • Sample

    220212-efe5yafff6

  • MD5

    65a5738b1afcda1fe774e82ce5ddf02f

  • SHA1

    3bc156c7ee9111189067f5a0a9ffba588678cb56

  • SHA256

    1699f7848879bf482969a42aed6922e9d1232f22344c8d08d79b7c176a7f4ab0

  • SHA512

    43bb246d5e72a698f14fd437e7ea5f030126530c4175b15c49d678f5a9654eeb0fe3832c253b93d5dc6635b26180cac1ee95f07c8a3aa743507562eaf1abf8c0

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks