Overview

overview

10

Static

static

10

001480f89b...02.exe

windows7_x64

10

001480f89b...02.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    001480f89bbc4009bb1aed1fef8717feb9fecc5c77dce4afbed1370e9672a802

  • Size

    152KB

  • Sample

    220212-p4vkmsceb3

  • MD5

    bcd9d12c0681b0bde74a34166015daaf

  • SHA1

    a40c5729bca4a498edca73d8613d4a6e42e0911a

  • SHA256

    001480f89bbc4009bb1aed1fef8717feb9fecc5c77dce4afbed1370e9672a802

  • SHA512

    abf7e44965475680f93de9ecd628f2502e2d654c2aa722303090a674197fd3a22c42d9c5796c0ad3db574302df84f68c26cf156c65d45318343448c3af5e3e0d

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      001480f89bbc4009bb1aed1fef8717feb9fecc5c77dce4afbed1370e9672a802

    • Size

      152KB

    • MD5

      bcd9d12c0681b0bde74a34166015daaf

    • SHA1

      a40c5729bca4a498edca73d8613d4a6e42e0911a

    • SHA256

      001480f89bbc4009bb1aed1fef8717feb9fecc5c77dce4afbed1370e9672a802

    • SHA512

      abf7e44965475680f93de9ecd628f2502e2d654c2aa722303090a674197fd3a22c42d9c5796c0ad3db574302df84f68c26cf156c65d45318343448c3af5e3e0d

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks