General

  • Target

    06f667f9d8627f218cb44f3df4e878591bea02368c15563280d0af7239ec37e2

  • Size

    36KB

  • Sample

    220212-mj7clabbh8

  • MD5

    fd0e6386753892a2695e1d8a084b7d67

  • SHA1

    cf70d1f1541cdea321e32ed9186ac146544f02af

  • SHA256

    06f667f9d8627f218cb44f3df4e878591bea02368c15563280d0af7239ec37e2

  • SHA512

    669b6b2a0afe66032fc09bc0090ef895065b95164091ff3fffe1903b0fafed762d3064216a576008a35f6d369d55e6514919983da2816ec211e512ebeeb3dc2e

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
