General

  • Target

    1683f91f996866cd10101d5f4a6b1c69445ce21f423c4de08ab52ea18ea7050d

  • Size

    170KB

  • Sample

    220212-egjjraffh2

  • MD5

    d95bb5b54d4b6992bb947642cbb5c2cf

  • SHA1

    392e98540ca68901dd1d240e7cd4761259a98526

  • SHA256

    1683f91f996866cd10101d5f4a6b1c69445ce21f423c4de08ab52ea18ea7050d

  • SHA512

    529f4f36ed4867a51e8d82dd0561e4891d057f876010fdcead8af5ecec88d58a2dfa1439b00dc7dbe8c11f97c13a95bd7137c66bb7cc40ddfadb8dd1168ed335

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks