General

  • Target

    08e4c158843ad1b53ae3d9449d98d51831b933cf6be12ab223de84d707bb8355

  • Size

    216KB

  • Sample

    220212-lva8vsagg4

  • MD5

    3f43fa6162288b4705f38330b4a37eaf

  • SHA1

    98cfa1e05c5a033c504d29cab34d6d402fdecee2

  • SHA256

    08e4c158843ad1b53ae3d9449d98d51831b933cf6be12ab223de84d707bb8355

  • SHA512

    be072e1503f0627f93001ed1dbee4a56e913c31fbe1f83dc58eb05e9930902d18390db90f31f25d9d5697f6496adc10f597c5facb00bd2d102b00f7a0b8e90ee

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks