General

  • Target

    10c6c6196d8834383e3bdaa0a62857d0823353d3b8712419d64e243ff58e8a35

  • Size

    92KB

  • Sample

    220212-gvwgksgha9

  • MD5

    17d69240e27e067498aec7ca09aaa14e

  • SHA1

    c2cd177e6239cf6851ad7cdcf6614996985536ac

  • SHA256

    10c6c6196d8834383e3bdaa0a62857d0823353d3b8712419d64e243ff58e8a35

  • SHA512

    533f5f8b7f673eb1345239849e3cde45c97d9c7da07604b5f067bcb8c1b4b1c27125d2ccf96160201561ba4e0db2244f168681d26ad3863131920b3ee3c05d74

Malware Config

Targets

    • Target

      10c6c6196d8834383e3bdaa0a62857d0823353d3b8712419d64e243ff58e8a35


    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

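The signatures above are behavioural: each one is a rule a sandbox applies to the registry, file and process events recorded during the run. The following is an added example, not part of this report or of any sandbox vendor's code, showing how such rules can be expressed over a constructed event stream. The event format, the sample events, and the choice of HKCU\Control Panel\International as the key a geofence check would read are assumptions made for illustration; the report does not state which registry value the sample reads.

```python
"""Classify sandbox-style events into the behaviour signatures listed in
this report: Run-key persistence, country-code lookup, self-deletion,
dropped-EXE execution and dropped-DLL load.

Added example; the event schema, registry paths and sample events below
are constructed for illustration and are not taken from the sample."""

import re
from dataclasses import dataclass

# Writes under a Run/RunOnce key make the target start at logon.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Assumption: a geofence check reads locale/country values under
# HKCU\Control Panel\International. The exact value is not stated in the report.
INTL_KEY_RE = re.compile(r"\\Control Panel\\International", re.I)
# A child cmd.exe running "del"/"erase" is the usual self-deletion pattern.
DEL_CMD_RE = re.compile(r"\bcmd(\.exe)?\b.*\b(del|erase)\b", re.I)


@dataclass
class Event:
    kind: str          # file_write | proc_create | image_load | reg_read | reg_write
    process: str       # image path of the process performing the action
    target: str        # file path, image path or registry key\value acted on
    cmdline: str = ""  # command line (proc_create only)


def classify(events):
    """Return the list of signature names triggered by the event stream."""
    dropped = set()  # files the sample wrote during the run
    hits = []

    def add(sig):
        if sig not in hits:
            hits.append(sig)

    for ev in events:
        t = ev.target.lower()
        if ev.kind == "file_write":
            dropped.add(t)
        elif ev.kind == "proc_create":
            if t in dropped and t.endswith(".exe"):
                add("Executes dropped EXE")
            # Self-deletion: a del command whose argument is the parent's own image.
            if DEL_CMD_RE.search(ev.cmdline) and ev.process.lower() in ev.cmdline.lower():
                add("Deletes itself")
        elif ev.kind == "image_load":
            if t in dropped and t.endswith(".dll"):
                add("Loads dropped DLL")
        elif ev.kind == "reg_read":
            if INTL_KEY_RE.search(ev.target):
                add("Checks computer location settings")
        elif ev.kind == "reg_write":
            if RUN_KEY_RE.search(ev.target):
                add("Adds Run key to start application")
    return hits


# Constructed event stream that exercises every rule once.
SAMPLE = r"C:\Users\user\Desktop\sample.exe"
DROPPED_EXE = r"C:\Users\user\AppData\Local\Temp\svchost.exe"
DROPPED_DLL = r"C:\Users\user\AppData\Local\Temp\helper.dll"
SAMPLE_EVENTS = [
    Event("file_write", SAMPLE, DROPPED_EXE),
    Event("file_write", SAMPLE, DROPPED_DLL),
    Event("reg_read", SAMPLE, r"HKCU\Control Panel\International\sCountry"),
    Event("proc_create", SAMPLE, DROPPED_EXE, cmdline=f'"{DROPPED_EXE}"'),
    Event("image_load", DROPPED_EXE, DROPPED_DLL),
    Event("reg_write", DROPPED_EXE,
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event("proc_create", SAMPLE, r"C:\Windows\System32\cmd.exe",
          cmdline=f'cmd.exe /c del "{SAMPLE}"'),
]

# Benign stream: an unrelated registry write should trigger nothing.
BENIGN_EVENTS = [
    Event("reg_write", r"C:\Program Files\App\app.exe", r"HKCU\Software\App\LastRun"),
]

if __name__ == "__main__":
    for sig in classify(SAMPLE_EVENTS):
        print("•", sig)
```

The "Executes dropped EXE" and "Loads dropped DLL" rules depend on ordering: a file must be written before it is executed or loaded, which is why the classifier keeps the set of dropped paths as it walks the stream.
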
MITRE ATT&CK Enterprise v6

Tasks