General

  • Target

    028824708db6c402fcf4e56800ba7ee2650283f87c2415d4ad18665b0652ad9a

  • Size

    99KB

  • Sample

    220212-n8qxkscaf8

  • MD5

    c93eacb10a0f98cc12f18855f90ad3ec

  • SHA1

    99b65354d74726465fd59b3a83102c2a3b2e47b2

  • SHA256

    028824708db6c402fcf4e56800ba7ee2650283f87c2415d4ad18665b0652ad9a

  • SHA512

    be73e0769aa33a582926335ec0387e8a995719702a595a71b37728bcd830d37c2844e4cc88454344e1b2cf9d3efa1b5e2ba7d3db661e5d9a67cced9ac0ccff28

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks