General

  • Target

    083b9df1d95ccb2175d1ea6ecda08e65c772f94f74d2de9535c9f628e8ef6b8c

  • Size

    58KB

  • Sample

    220212-l3wvjaahg7

  • MD5

    26ac0d5b3c2e974ec79d2f77aeadc0d0

  • SHA1

    efa55f765c4abfa24afb0a6375de5702ff7635de

  • SHA256

    083b9df1d95ccb2175d1ea6ecda08e65c772f94f74d2de9535c9f628e8ef6b8c

  • SHA512

    63d06a23f52d9b3ca9e18762fd47b2559693678a2949d5f8111cf1942824832a2400b00ef73f2bce2f7df837ac96f3932add6c180833dc4956f6231e4dde9a41

Targets

    • Target

      083b9df1d95ccb2175d1ea6ecda08e65c772f94f74d2de9535c9f628e8ef6b8c

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
