General

  • Target

    11723c197be14cb35881337c1cb89584f7241dfd876daafa5ed875e7e95b6d86

  • Size

    176KB

  • Sample

    220212-gkytysgfg9

  • MD5

    98d219ef049a8e1392df2b27a93d0acf

  • SHA1

    952650b094e824a0dd13ece97dea33ea09946fc4

  • SHA256

    11723c197be14cb35881337c1cb89584f7241dfd876daafa5ed875e7e95b6d86

  • SHA512

    ef8b5142515f157910d1fbcc2774bdd0c5401b9565d23c936a261c8c76be13bbc0526bd5a12588bad7410f3aaf29ccc55b7050164bd10656ae1bdc58a49cf887

Targets

    • Target

      11723c197be14cb35881337c1cb89584f7241dfd876daafa5ed875e7e95b6d86

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan that gives its operator remote control of the infected host; the signatures below are the behaviours the sandbox observed for this sample.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check so the sample behaves differently (or not at all) in certain countries. Sandbox results from a locale the malware excludes may therefore understate its behaviour.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
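The persistence and geofence behaviours listed above can be checked on a live host. The following PowerShell script is an added example and is not part of the sandbox report or of any published Sakula tooling: it enumerates the standard Run keys, resolves each command to an on-disk executable, hashes it and compares the result against the SHA256 from this report, then prints the configured country value that a registry-based geofence would read. Two assumptions are labelled in the code: the Run key and Geo key paths are the standard Windows locations, and because the report says the sample deletes itself after executing a dropped EXE, the Run key will usually point at that dropped file, whose hash differs from the submitted sample, so unmatched entries are reported for manual review rather than ignored.

```powershell
# Added example, not code from the report. Hunts for the "Adds Run key" and
# "Checks computer location settings" behaviours on a Windows host.

# SHA256 taken from this report. Assumption: the Run key target may be the
# dropped EXE rather than this sample, so non-matching entries are still listed.
$Iocs = @{
    '11723c197be14cb35881337c1cb89584f7241dfd876daafa5ed875e7e95b6d86' = 'Sakula sample (this report)'
}

# Standard Windows autostart locations (assumption: the sample used one of these).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Resolve-RunCommandPath {
    param([string]$Command)
    # Strip quotes and arguments: "C:\dir\x.exe" /arg  ->  C:\dir\x.exe
    $cmd = $Command.Trim()
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    # Unquoted command: take the first whitespace-delimited token.
    # (An unquoted path containing spaces is not resolved by this helper.)
    return ($cmd -split '\s+')[0]
}

foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... metadata that Get-ItemProperty adds.
        if ($p.Name -like 'PS*') { continue }

        $path = Resolve-RunCommandPath -Command ([string]$p.Value)
        $path = [Environment]::ExpandEnvironmentVariables($path)

        $record = [pscustomobject]@{
            Key     = $key
            Name    = $p.Name
            Command = $p.Value
            Path    = $path
            SHA256  = $null
            Match   = 'no IOC match (review manually)'
        }

        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $record.SHA256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
            if ($Iocs.ContainsKey($record.SHA256)) { $record.Match = $Iocs[$record.SHA256] }
        } else {
            # A Run entry whose target is gone is itself suspicious: the report
            # notes the sample deletes itself after running the dropped EXE.
            $record.Match = 'target missing on disk (self-deletion?)'
        }
        $record
    }
}

# Geofence check: Windows stores the configured country under this key
# (Nation = GeoID; newer builds also carry an ISO code in Name). This is the
# value a registry-based geofence would read; compare it with the sandbox locale.
Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue |
    Select-Object -Property Nation, Name
```

Run it in an elevated session so the HKLM keys are readable, and feed any SHA256 that does not match the report into your sandbox as a candidate for the dropped payload; detonating again with the country set to the value shown at the end is the quickest way to confirm whether the geofence suppressed behaviour in the original run.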
