General

  • Target

    08d5d43b9b16a4f8ff2db9db07cd2bb3b74d27ee674055ffa5aa2d76d3310f82

  • Size

    101KB

  • Sample

    220212-lvxf4acdhm

  • MD5

    1d2ef4bf5d25f49c8edf8bf9833d943c

  • SHA1

    9b5538ebd0a559bed9b9ab37e194fd1807b4750d

  • SHA256

    08d5d43b9b16a4f8ff2db9db07cd2bb3b74d27ee674055ffa5aa2d76d3310f82

  • SHA512

    eb3f3c061cef95d4891b390c0f1d9147d98aef0fb01c446ed3d07b9b864eac8356333679ad76091d67d02f33d59fd623cf40909130ae644505e56b1d1c7759a1

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks