General

  • Target

    08fc06f1297d89287706c9b046e4e933c8ed7d21f1f70fa9510a5eb64e34a886

  • Size

    89KB

  • Sample

    220212-ltql6aagf6

  • MD5

    d6b6d98083b69451affe75ea8b23ad80

  • SHA1

    d24e29a3b55dae4eab5458e0823ccb04124804e8

  • SHA256

    08fc06f1297d89287706c9b046e4e933c8ed7d21f1f70fa9510a5eb64e34a886

  • SHA512

    f4d14d73685cbd9d995d8aed50211e93daf9df2d292042038ccc3d729b2865a6279bf6bd023708328581f96854bc46170587866735767b2940ab062d166d2968

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks