General

  • Target

    07ab635c4c27a916bffbe797fec67f5d5a406ec5cc3ba7692df8150436522baf

  • Size

    216KB

  • Sample

    220212-mbdejsbag5

  • MD5

    b01ff1f0dd829dbdf4fe781a858f8b29

  • SHA1

    97b38e9b4e0ac34635c6af27ee037ae9519b1cf2

  • SHA256

    07ab635c4c27a916bffbe797fec67f5d5a406ec5cc3ba7692df8150436522baf

  • SHA512

    f1756a3424699f8dc800a2696b01e0a571f0dfbc63f00c75ca7cd3f91647604f652e48e68f15bd5f8adf83d044b0c397f4f76f6fb530e7c27df1ce648d49247d

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks