General

  • Target

    107d723151c6039c0bf8417779a88b1250c1bf122a14602d4f03739eeb2cc332

  • Size

    220KB

  • Sample

    220212-gz18maghf3

  • MD5

    267f0107dfd5deea4187a79dbe3676f0

  • SHA1

    838d9d2d285c90cbcdc9dca3583d8e2491680af0

  • SHA256

    107d723151c6039c0bf8417779a88b1250c1bf122a14602d4f03739eeb2cc332

  • SHA512

    6b8ec8d0865a375407e98a99fbd2d045de1fbc5b9d79b41e63ed19e28cba9d5ed6e8690d019855199452b8c80760f3e7ecdd3c1268ad2f5f105b209031640b7d

Malware Config

Targets

    • Target

      107d723151c6039c0bf8417779a88b1250c1bf122a14602d4f03739eeb2cc332

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks