Resubmissions

12-02-2022 10:22

220212-meqt2sbbc2 10

General

  • Target: 0767d87a3165aa7f4d4ef4fd85c7fc9416169d44dff0ee1d95978e39cb951e01
  • Size: 80KB
  • Sample: 220212-meqt2sbbc2
  • MD5: a72f42418e92cad924ff31e56aaa3898
  • SHA1: 24c19cc171fad229e73e715eb09bf288c4b39dae
  • SHA256: 0767d87a3165aa7f4d4ef4fd85c7fc9416169d44dff0ee1d95978e39cb951e01
  • SHA512: b19a6a6431060eae3aa52e22ee0d3432cfa04b7c50a0334eb8a816e6632d55e6d64326315642c0b070626da1e86252131dd6659be8d685348eba1d60f58cb795

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks