General

  • Target

    088bfd2fc2626e8782648a4a07d5ae45f86b6f3640a4f0e18cb84f5c3b95b826

  • Size

    89KB

  • Sample

    220212-lywc7sahc7

  • MD5

    457bed32aa527a267118eeb0c343744b

  • SHA1

    84c7d714914b31ccf49245829e7eb76d1447c07d

  • SHA256

    088bfd2fc2626e8782648a4a07d5ae45f86b6f3640a4f0e18cb84f5c3b95b826

  • SHA512

    2d5b78657ea969ef25be149e09e533b9834e8a3d48ee2109b79beab5490638fe6647151b68ec5da8a9b2622750efd01e4e4612fe4a845b18c302a72770376600

Malware Config

Targets

    • Target

      088bfd2fc2626e8782648a4a07d5ae45f86b6f3640a4f0e18cb84f5c3b95b826

    • Size

      89KB

    • MD5

      457bed32aa527a267118eeb0c343744b

    • SHA1

      84c7d714914b31ccf49245829e7eb76d1447c07d

    • SHA256

      088bfd2fc2626e8782648a4a07d5ae45f86b6f3640a4f0e18cb84f5c3b95b826

    • SHA512

      2d5b78657ea969ef25be149e09e533b9834e8a3d48ee2109b79beab5490638fe6647151b68ec5da8a9b2622750efd01e4e4612fe4a845b18c302a72770376600

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing (the sample may check the victim's locale before running).

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
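
The behaviours listed above (Run key persistence, a dropped EXE/DLL, self-deletion, and a registry lookup of the country code) are the ones a responder would check for on a host that ran this sample. The following PowerShell triage script is an added example, not part of the sandbox report and not code from the Sakula sample. It assumes an elevated session on the affected Windows host; the registry paths are the standard Windows locations for autostart entries and locale/geo settings, not paths taken from the report, and the only hash it can match is the submitted sample's SHA256 (the page gives no hashes for the dropped files, so those are caught by the path and existence checks instead).

```powershell
# Added triage helper; not part of the sandbox report and not code from the sample.
# Assumptions (not from the report): elevated PowerShell on the affected host,
# standard Windows registry locations for Run keys and locale/geo settings.

# Only hash the report lists: the submitted sample itself.
$KnownSampleHashes = @(
    '088bfd2fc2626e8782648a4a07d5ae45f86b6f3640a4f0e18cb84f5c3b95b826'
)

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories a non-admin user can write to; a Run entry pointing here is the
# usual shape of a dropped-and-persisted payload. (-match is case-insensitive.)
$UserWritableDirs = '^(?:[A-Z]:\\Users\\|[A-Z]:\\ProgramData\\|[A-Z]:\\Windows\\Temp\\)'

# Provider metadata PowerShell attaches to every registry item; not real values.
$ProviderProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-RunKeyEntries {
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($ProviderProps -contains $prop.Name) { continue }
            $cmd = [string]$prop.Value
            # Executable is the quoted token or, failing that, the first whitespace-delimited token.
            $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd.Trim() -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            # A Run entry whose target no longer exists fits a "deletes itself" sample.
            $exists = ($exe -ne '') -and (Test-Path -LiteralPath $exe -PathType Leaf)
            $hash = if ($exists) { (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower() } else { $null }
            [pscustomobject]@{
                Key          = $key
                Name         = $prop.Name
                Command      = $cmd
                Executable   = $exe
                Exists       = $exists
                SHA256       = $hash
                KnownSample  = ([bool]$hash -and ($KnownSampleHashes -contains $hash))
                UserWritable = ($exe -match $UserWritableDirs)
            }
        }
    }
}

# The locale/geo values a "checks computer location settings" behaviour reads.
function Get-LocationSettings {
    $intl = Get-ItemProperty -Path 'HKCU:\Control Panel\International' -ErrorAction SilentlyContinue
    $geo  = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        iCountry  = $intl.iCountry   # telephone-style country code, e.g. 1
        sCountry  = $intl.sCountry   # display name, e.g. "United States"
        GeoNation = $geo.Nation      # numeric GeoID
        GeoName   = $geo.Name        # two-letter ISO code on newer Windows builds
    }
}

$entries = Get-RunKeyEntries
'--- Run key entries flagged for review ---'
$entries | Where-Object { $_.KnownSample -or $_.UserWritable -or -not $_.Exists } |
    Format-Table Key, Name, Executable, Exists, UserWritable, KnownSample -AutoSize

'--- Locale values a geofence check would read ---'
Get-LocationSettings | Format-List
```

Two caveats when reading the output. Because the sample "loads dropped DLL", the Run entry may point at a legitimate loader such as rundll32.exe with the dropped DLL as an argument; in that case the `Command` column, not `Executable`, carries the interesting path. And the locale values are printed so the analyst can judge whether the host's country code would have let the sample proceed; the report only says the lookup happens, not which countries the sample accepts or rejects.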

MITRE ATT&CK Enterprise v6

Tasks