General

  • Target

    10bb471b8ff485b6bf31a04fbd4c05553b14e1117448bef24d7fb94af9d611e3

  • Size

    80KB

  • Sample

    220212-gv76daghb4

  • MD5

    c3dd3be596219514085682ef5fdc583d

  • SHA1

    b65ab4cc642793037d38169fe50181bd4b39a31e

  • SHA256

    10bb471b8ff485b6bf31a04fbd4c05553b14e1117448bef24d7fb94af9d611e3

  • SHA512

    1e481710c2ee07b909afb08166ea789670a6985e058540c67987ec64304595a2ddc26a99097fcc60c262b6e4f4ba5450890542db0b607b3d8e5c995f15727714
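
Before trusting this report for a file you hold, confirm the file is the same object that was detonated. The script below is an added example (not part of the sandbox report) that computes the four digests listed above and compares them with the reported values; it treats SHA-256 or SHA-512 agreement as the deciding check, since MD5 and SHA-1 are collision-prone and a match on those alone is weak evidence.

```python
import hashlib
from typing import Dict

# Hashes copied from the report above.
REPORTED = {
    "md5": "c3dd3be596219514085682ef5fdc583d",
    "sha1": "b65ab4cc642793037d38169fe50181bd4b39a31e",
    "sha256": "10bb471b8ff485b6bf31a04fbd4c05553b14e1117448bef24d7fb94af9d611e3",
    "sha512": "1e481710c2ee07b909afb08166ea789670a6985e058540c67987ec64304595a2"
              "ddc26a99097fcc60c262b6e4f4ba5450890542db0b607b3d8e5c995f15727714",
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Return all four hex digests of an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def digest_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in 1 MiB chunks so large samples do not need to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        while True:
            block = fh.read(chunk)
            if not block:
                break
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: Dict[str, str], expected: Dict[str, str] = REPORTED) -> Dict[str, bool]:
    """Per-algorithm match table, case-insensitive on the expected side."""
    return {name: actual.get(name, "").lower() == expected[name].lower() for name in expected}


def is_reported_sample(actual: Dict[str, str], expected: Dict[str, str] = REPORTED) -> bool:
    """True only if a collision-resistant digest agrees.

    A lone MD5 or SHA-1 match is not accepted: both algorithms have practical
    collision attacks, so two different files can share them.
    """
    table = compare(actual, expected)
    return table.get("sha256", False) or table.get("sha512", False)


if __name__ == "__main__":
    import sys
    # Usage: python check_hashes.py <path-to-sample>
    digests = digest_file(sys.argv[1])
    for name, ok in compare(digests).items():
        print(f"{name:6s} {digests[name]}  {'MATCH' if ok else 'mismatch'}")
    print("same object as the report:", is_reported_sample(digests))
```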

Targets

    • Target

      10bb471b8ff485b6bf31a04fbd4c05553b14e1117448bef24d7fb94af9d611e3


    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan that gives its operator interactive control of the infected host; it has been used in targeted intrusions attributed to the Deep Panda group.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code stored in the registry (typically the Nation value under HKCU\Control Panel\International\Geo). Malware commonly does this to geofence, i.e. to abort on hosts in regions it is not meant to infect, so a sandbox whose locale does not match may see no further activity.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
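
The five behavioural signatures above (dropped-EXE execution, the registry country-code lookup, self-deletion, dropped-DLL loading and Run-key persistence) can be reproduced from an event trace. The following is an added example, not the sandbox's own signature logic: it runs simple rules over a constructed, Sysmon-like event list. The event shape (`type`, `image`, `target`, `path`, `cmdline`), the sample path and the dropped file names are all assumptions made for the example; family attribution (the "Sakula" match) is out of scope here because it needs the sandbox's own family rules.

```python
import re
from typing import Dict, Iterable, List

# Constructed sample path; not the path from the report.
SAMPLE = r"C:\Users\user\AppData\Local\Temp\sample.exe"

# Run and RunOnce keys under either hive, matched on the lower-cased path.
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?(\\|$)")
# Typical location of the configured country code (assumption: the Nation value).
GEO_NATION_RE = re.compile(r"\\control panel\\international\\geo\\nation$")
DELETE_CMD_RE = re.compile(r"\b(del|erase)\b")

# Constructed event trace.  A real trace would be sorted by timestamp first;
# here the list is already in order, which the drop-then-execute rule relies on.
EVENTS = [
    {"type": "reg_query", "image": SAMPLE,
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "file_create", "image": SAMPLE,
     "target": r"C:\ProgramData\Example\dropped.exe"},
    {"type": "file_create", "image": SAMPLE,
     "target": r"C:\ProgramData\Example\helper.dll"},
    {"type": "reg_set", "image": SAMPLE,                      # benign-looking, must not fire
     "path": r"HKCU\Software\Example\Settings", "data": "1"},
    {"type": "reg_set", "image": SAMPLE,
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Example",
     "data": r"C:\ProgramData\Example\dropped.exe"},
    {"type": "process", "image": r"C:\ProgramData\Example\dropped.exe",
     "cmdline": r'"C:\ProgramData\Example\dropped.exe"'},
    {"type": "image_load", "image": r"C:\ProgramData\Example\dropped.exe",
     "loaded": r"C:\ProgramData\Example\helper.dll"},
    {"type": "process", "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "' + SAMPLE + '"'},
]


def triage(events: Iterable[Dict], sample: str) -> Dict[str, List[str]]:
    """Return {signature name: [evidence, ...]} for the behaviours observed."""
    sample_l = sample.lower()
    dropped = set()                      # files the sample wrote, lower-cased
    hits: Dict[str, List[str]] = {}

    def hit(name: str, evidence: str) -> None:
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        kind = ev["type"]
        if kind == "file_create" and ev["image"].lower() == sample_l:
            dropped.add(ev["target"].lower())
        elif kind == "process":
            img = ev["image"].lower()
            cmd = ev.get("cmdline", "").lower()
            if img in dropped and img.endswith(".exe"):
                hit("Executes dropped EXE", ev["image"])
            # Classic self-delete: a helper shell deletes the sample after a delay.
            if sample_l in cmd and DELETE_CMD_RE.search(cmd):
                hit("Deletes itself", ev["cmdline"])
        elif kind == "image_load":
            loaded = ev["loaded"].lower()
            if loaded in dropped and loaded.endswith(".dll"):
                hit("Loads dropped DLL", ev["loaded"])
        elif kind == "reg_set":
            if RUN_KEY_RE.search(ev["path"].lower()):
                hit("Adds Run key to start application", f'{ev["path"]} = {ev.get("data", "")}')
        elif kind == "reg_query":
            if GEO_NATION_RE.search(ev["path"].lower()):
                hit("Checks computer location settings", ev["path"])
        elif kind == "file_delete":
            # Deletion of the sample by another process also counts.
            if ev["target"].lower() == sample_l and ev["image"].lower() != sample_l:
                hit("Deletes itself", f'{ev["image"]} deleted {ev["target"]}')
    return hits


if __name__ == "__main__":
    for name, evidence in triage(EVENTS, SAMPLE).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

The drop-then-execute and drop-then-load rules key on paths the sample itself created, which is what separates "executes dropped EXE" from the far noisier "starts any child process"; the Geo\Nation read is a useful early indicator that the detonation environment's locale may be suppressing the rest of the behaviour.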
