General

  • Target

    077b9609b45b9bf17bbeda67d2e42738289fc48f8001fee4094417a38ffce17e

  • Size

    192KB

  • Sample

    220212-md8ngacgcp

  • MD5

    875d6c684692ec35fab7ad3c5ea6d171

  • SHA1

    5b4862273fabb9e48432fe54e1ae228c576cf6d2

  • SHA256

    077b9609b45b9bf17bbeda67d2e42738289fc48f8001fee4094417a38ffce17e

  • SHA512

    379a7d073ae5565d72144a4ef794ac00174407e59c6caf0218ec0492f24f2b2d916c7ea7c846be575a7dcf331af192f083befe76e2862c11f42a020e0bdc9b52

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks