General

  • Target

    07e9ff81aacf9a25ff432bd200130b6545880a250846467863eb5495d4858c2c

  • Size

    100KB

  • Sample

    220212-l7m37acfdj

  • MD5

    d6e463e8d2167a85a5a7b71ae5577e0a

  • SHA1

    9ab60415d2522426695a4d5d6116d0176985e43f

  • SHA256

    07e9ff81aacf9a25ff432bd200130b6545880a250846467863eb5495d4858c2c

  • SHA512

    2b1ee226c8eb6a5e4dbaeefd5df181a3c3aa93d7d8c0eff690b96519470b7ff821eab2a14000c892c65559ee35790224b0d419332b1e14db17c2362f36739774

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks