General

  • Target

    070ac9ffa2655c00e5165c929827bdbd84f9ec467de28b7f7f0cc6d6c790db67

  • Size

    89KB

  • Sample

    220212-mjmcesbbg8

  • MD5

    7db712334c65b56c24e151232cb86822

  • SHA1

    2e955a801e272e91ea8addb6c3a8fd72bce288a5

  • SHA256

    070ac9ffa2655c00e5165c929827bdbd84f9ec467de28b7f7f0cc6d6c790db67

  • SHA512

    3b745f60a15abf82f81e942e8b3f3e571328f4041354ddd50678138c9c8f7f6f0da0992a8eb7e22294638604849ade291e662a0b30a2ad4bd125163c9161a7d3

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks