General

  • Target

    09341c9e794c78e3e03d6075b50780065bd51f4528ceb83ea7949e4b746ee656

  • Size

    192KB

  • Sample

    220212-lqbntsagc5

  • MD5

    260745d98ce7d543a15a9cf827bafe3d

  • SHA1

    00bc7b4c4d052d69e81072923e51e9479b801f79

  • SHA256

    09341c9e794c78e3e03d6075b50780065bd51f4528ceb83ea7949e4b746ee656

  • SHA512

    dd21f92900559371fcbe0dfde71fef660d9c9282c982e9b1c5d023a4b4064be7175725bcde04f1ff113c70a1b4870a99ee0c5e950e821cf7d37919b69429ee60

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks