General

  • Target

    07d9f8c71f1407c4f47d34ac372507b5bf681bb164958e76fe3e16109549f91f

  • Size

    80KB

  • Sample

    220212-l8q68scfem

  • MD5

    0f82df5af05c79abacc30135f0d0596b

  • SHA1

    e23485c68136c96c863174783ab4773e145ed234

  • SHA256

    07d9f8c71f1407c4f47d34ac372507b5bf681bb164958e76fe3e16109549f91f

  • SHA512

    1c28f7dfff22e45084b8d4fce600dddc08a43dc1799bf82c99c4bbdb6510eddcfce65269f4a8422e7b5e4a2492ba94657bd27a6be2f1c135fbff4eed2364ba5b

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks