General

  • Target

    0f17758abd343af0a92eeb509a25cdf3529ae54c98251cb1285a4565e34bf664

  • Size

    89KB

  • Sample

    220212-hhmjkshbg8

  • MD5

    88bc6b76789582e2d11478b64d13a552

  • SHA1

    0a530438b5e4616e84ae9ea83dcfdff22500a0ae

  • SHA256

    0f17758abd343af0a92eeb509a25cdf3529ae54c98251cb1285a4565e34bf664

  • SHA512

    bc6f3607a7cbf6090ae5ed66cc12b7e8cdde2c649ce626dcc7e4df24ea513e78426aa176ca454d5872ee67274742c9d52d2138ff5474f9d4f2bea3084315cb73

Malware Config

Targets

    • Target

      0f17758abd343af0a92eeb509a25cdf3529ae54c98251cb1285a4565e34bf664

    • Size

      89KB

    • MD5

      88bc6b76789582e2d11478b64d13a552

    • SHA1

      0a530438b5e4616e84ae9ea83dcfdff22500a0ae

    • SHA256

      0f17758abd343af0a92eeb509a25cdf3529ae54c98251cb1285a4565e34bf664

    • SHA512

      bc6f3607a7cbf6090ae5ed66cc12b7e8cdde2c649ce626dcc7e4df24ea513e78426aa176ca454d5872ee67274742c9d52d2138ff5474f9d4f2bea3084315cb73

    • Sakula

      Sakula is a remote access trojan (RAT) with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
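
The five behavioural signatures above can be expressed as rules over a sandbox event stream. The following is an added example, not tooling from the sandbox that produced this report or code from the Sakula sample: it replays a constructed log of registry, file, process and image-load events and returns the signature names the report lists. The registry paths used for the location-settings rule (the GeoID `Nation` value and `sCountry` under `Control Panel\International`) are an assumption about what the sandbox matched, and every file path, PID and event below is constructed test data.

```python
"""Replay a constructed sandbox event log against the behaviours listed above.

Added example (not the sandbox's own detection code): each report signature is
modelled as a rule over registry, file, process and image-load events. The
GEO_KEYS locations are an assumption about what the sandbox checks; the sample
path and all events in CONSTRUCTED_EVENTS are made-up test data.
"""
from dataclasses import dataclass
from typing import Iterable, List, Set


@dataclass(frozen=True)
class Event:
    kind: str          # reg_query | reg_set | file_write | file_delete | proc_create | image_load
    pid: int           # process that performed the action
    path: str          # registry key, file path, or parent image for proc_create
    value: str = ""    # registry value name, or child image path for proc_create


def norm(path: str) -> str:
    """Case-fold and normalise separators so matching is not evaded by casing."""
    return path.replace("/", "\\").lower().rstrip("\\")


# Logon persistence keys (any hive): a value written here starts the named binary.
RUN_KEYS = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
# Assumed registry locations a geofence check would read (GeoID and country name).
GEO_KEYS = (
    r"\control panel\international\geo\nation",
    r"\control panel\international\scountry",
)


def detect(events: Iterable[Event], sample_path: str) -> List[str]:
    """Return the report-style signature names triggered by the event stream."""
    hits: Set[str] = set()
    dropped: Set[str] = set()   # files written during the run, i.e. "dropped"
    sample = norm(sample_path)

    for ev in events:
        p = norm(ev.path)
        if ev.kind == "file_write":
            dropped.add(p)
        elif ev.kind == "reg_set" and p.endswith(RUN_KEYS):
            hits.add("Adds Run key to start application")
        elif ev.kind == "reg_query" and p.endswith(GEO_KEYS):
            hits.add("Checks computer location settings")
        elif ev.kind == "file_delete" and p == sample:
            # Matched on path only: self-deletion is usually done via a child
            # cmd.exe, so the deleting PID is not the sample's own.
            hits.add("Deletes itself")
        elif ev.kind == "proc_create":
            child = norm(ev.value)
            if child in dropped and child.endswith(".exe"):
                hits.add("Executes dropped EXE")
        elif ev.kind == "image_load" and p in dropped and p.endswith(".dll"):
            hits.add("Loads dropped DLL")
    return sorted(hits)


# Constructed test data: a sample that geofences, drops an EXE and a DLL,
# runs the EXE, persists via Run, then removes its original file via cmd.exe.
SAMPLE = r"C:\Users\admin\AppData\Local\Temp\sample.exe"
DROPPED_EXE = r"C:\Users\admin\AppData\Roaming\svc\update.exe"
DROPPED_DLL = r"C:\Users\admin\AppData\Roaming\svc\helper.dll"

CONSTRUCTED_EVENTS = [
    Event("reg_query", 1234, r"HKCU\Control Panel\International\Geo\Nation", "Nation"),
    Event("file_write", 1234, DROPPED_EXE),
    Event("file_write", 1234, DROPPED_DLL),
    Event("proc_create", 1234, SAMPLE, DROPPED_EXE),
    Event("image_load", 1300, DROPPED_DLL),
    Event("reg_set", 1300, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "update"),
    Event("proc_create", 1234, SAMPLE, r"C:\Windows\System32\cmd.exe"),
    Event("file_delete", 1350, SAMPLE),
]


def run_constructed() -> List[str]:
    """Convenience entry point: evaluate the constructed log."""
    return detect(CONSTRUCTED_EVENTS, SAMPLE)


if __name__ == "__main__":
    for sig in run_constructed():
        print(sig)
```

The order of events matters for the two "dropped" rules: an EXE or DLL only counts as dropped if a `file_write` for the same path was seen earlier in the run, which is what separates a dropped payload from a process loading a pre-existing system binary.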

MITRE ATT&CK Enterprise v6

Tasks