General

  • Target

    1076c894ed7674690d83f236fd798c489970a6c8a85b08a80b6ef1401d7f5380

  • Size

    101KB

  • Sample

    220212-g1gwdaghf8

  • MD5

    fc55349bad42ebd41b817fe3abcd4144

  • SHA1

    07482c3c6e701784a71957dd9638d6c07faddf04

  • SHA256

    1076c894ed7674690d83f236fd798c489970a6c8a85b08a80b6ef1401d7f5380

  • SHA512

    ac3a128c1b086ad5c404ef0926551fbd7aa28ce7b07aaea6e86934db76a1955c1ec9a4b99a5c23f1b655e0b4f50de96a19edce2ee2111af996ff5ad4828d0e9c

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks