General

  • Target

    08882aa91f36f884a2961b882e2aa3d834dc900a9f441646b7ae3594af493140

  • Size

    36KB

  • Sample

    220212-ly7fgacecq

  • MD5

    05e0efb1e1229636d0cd140be46956e1

  • SHA1

    e54f661aecc6f077761ad0ac46c53a037fe2ea10

  • SHA256

    08882aa91f36f884a2961b882e2aa3d834dc900a9f441646b7ae3594af493140

  • SHA512

    63332ebcbc6686bb7bfbf2dbf51409bc47f1b78e2cbda4f7f158c64becc3ba34e7688bc5f86dd215b32459a1f7161cb87e96b6bf9adace8e85e9cd05d03466c5

Malware Config

Targets

    • Target

      08882aa91f36f884a2961b882e2aa3d834dc900a9f441646b7ae3594af493140

    • Size

      36KB

    • MD5

      05e0efb1e1229636d0cd140be46956e1

    • SHA1

      e54f661aecc6f077761ad0ac46c53a037fe2ea10

    • SHA256

      08882aa91f36f884a2961b882e2aa3d834dc900a9f441646b7ae3594af493140

    • SHA512

      63332ebcbc6686bb7bfbf2dbf51409bc47f1b78e2cbda4f7f158c64becc3ba34e7688bc5f86dd215b32459a1f7161cb87e96b6bf9adace8e85e9cd05d03466c5

    • Sakula

      Sakula is a remote access trojan (RAT) with a range of capabilities; the signatures below summarise the behaviour observed for this sample.

    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

      Removes its own executable from disk after running.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run registry key so the application is started at logon (persistence).
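The signatures above are behavioural rules over the sandbox's process, file and registry trace. The following Python is an added example, not part of this report or of the sandbox's own rule engine: it re-derives each of the listed signatures from a constructed event list. The event layout, the sample paths and the registry keys (`Control Panel\International\Geo\Nation` for the location check, `CurrentVersion\Run` for persistence) are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sandbox-style events; NOT from this run. Field layout, PIDs and
# paths are assumptions modelled loosely on a process/file/registry trace.
SAMPLE_EVENTS = [
    {"type": "process_start", "pid": 1200, "ppid": 600,
     "image": r"C:\Users\Admin\AppData\Local\Temp\sample.exe"},
    {"type": "registry_read", "pid": 1200,
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "file_write", "pid": 1200,
     "path": r"C:\Users\Admin\AppData\Roaming\updater\upd.exe"},
    {"type": "file_write", "pid": 1200,
     "path": r"C:\Users\Admin\AppData\Roaming\updater\helper.dll"},
    {"type": "process_start", "pid": 1316, "ppid": 1200,
     "image": r"C:\Users\Admin\AppData\Roaming\updater\upd.exe"},
    {"type": "image_load", "pid": 1316,
     "path": r"C:\Users\Admin\AppData\Roaming\updater\helper.dll"},
    {"type": "registry_write", "pid": 1316,
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater",
     "data": r"C:\Users\Admin\AppData\Roaming\updater\upd.exe"},
    {"type": "file_delete", "pid": 1316,
     "path": r"C:\Users\Admin\AppData\Local\Temp\sample.exe"},
]

# Assumed key patterns behind "Adds Run key" and "Checks computer location settings".
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)


def triage(events):
    """Return {signature name: [evidence]} for the behaviours listed in the report."""
    hits = defaultdict(list)
    image_of = {}     # pid -> image path (case-folded)
    parent_of = {}    # pid -> parent pid
    dropped = set()   # paths written by a monitored process (case-folded)

    def norm(path):
        return path.lower()

    for ev in events:
        kind = ev["type"]
        if kind == "process_start":
            image_of[ev["pid"]] = norm(ev["image"])
            parent_of[ev["pid"]] = ev.get("ppid")
            # A process whose image was written earlier in the trace is a dropped EXE.
            if norm(ev["image"]) in dropped:
                hits["Executes dropped EXE"].append(ev["image"])
        elif kind == "file_write":
            dropped.add(norm(ev["path"]))
        elif kind == "image_load":
            if norm(ev["path"]) in dropped:
                hits["Loads dropped DLL"].append(ev["path"])
        elif kind == "registry_read":
            if GEO_KEY_RE.search(ev["key"]):
                hits["Checks computer location settings"].append(ev["key"])
        elif kind == "registry_write":
            if RUN_KEY_RE.search(ev["key"]):
                hits["Adds Run key to start application"].append(
                    f'{ev["key"]}\\{ev["value"]} = {ev["data"]}')
        elif kind == "file_delete":
            # Self-delete: the removed file is the image of the deleting process
            # or of one of its ancestors inside the monitored process tree.
            pid = ev["pid"]
            lineage = set()
            while pid in image_of:
                lineage.add(image_of[pid])
                pid = parent_of.get(pid)
            if norm(ev["path"]) in lineage:
                hits["Deletes itself"].append(ev["path"])
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The self-delete rule walks the parent chain rather than only the deleting PID because a dropper commonly hands the cleanup of its original file to the child it launched, as in the constructed trace.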

MITRE ATT&CK Enterprise v6

Tasks