General

  • Target

    08210f1db18737882c4b473156a6d2080c42a347be51bc1cedd32d8f4ae280c7

  • Size

    191KB

  • Sample

    220212-l4t3bscehp

  • MD5

    9abae7daf9452d49636ff6be95ce3569

  • SHA1

    65653741558dafd4d4740f83bb283f669b9ae36b

  • SHA256

    08210f1db18737882c4b473156a6d2080c42a347be51bc1cedd32d8f4ae280c7

  • SHA512

    14afb505ead618ed6242a35c7b4cd40f1ea99b361d273c2ce9320045f01739d8fae9c839954b7b7ed4877e951a0b6c7aa01cb3d852e503d6b5c9387b084060ef

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks