General

  • Target

    07fe2cc92729d2910ea1a0087d18d0ab2289411e4ab130a1620966d560bc12c7

  • Size

    60KB

  • Sample

    220212-l6wc6sbac4

  • MD5

    822601f172777418738338107da9fc53

  • SHA1

    9bedb281956f72ba8c704ea5c9d755ea2bb0ca2b

  • SHA256

    07fe2cc92729d2910ea1a0087d18d0ab2289411e4ab130a1620966d560bc12c7

  • SHA512

    34fa88870a80921a94a057946d941cdb187037b8b3818d1868d25ace2c2f537bd61e8b152521d1d6d5736841118dd6cf9c5f38efcf17138506ce559c0a8bf445

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
