General

  • Target

    10d80821f411f93a2cc1518f3eb34e719b35c4944e4a668f1c5321d8eec0b417

  • Size

    80KB

  • Sample

    220212-gva6msadfr

  • MD5

    47b3c37b4a3e4ffe3c1eb0133d16d2d0

  • SHA1

    981b26944ef56f0843e9667b87c6797313ec5490

  • SHA256

    10d80821f411f93a2cc1518f3eb34e719b35c4944e4a668f1c5321d8eec0b417

  • SHA512

    9d13fed4f8d10d2fc6f50c9aff973983be35542be265f77adc037e546fa740d96844202b9e1b115cfd247cac4af8ff19bd090e29a3c6f9aa23e87fd576d0e072

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks