Overview

overview

10

Static

static

10

02077eb1a9...bc.exe

windows7_x64

10

02077eb1a9...bc.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    02077eb1a90a627437332b87c90a12aac03e6d78c141020dcf607ed48382e1bc

  • Size

    192KB

  • Sample

    220212-pfqxjsdhdn

  • MD5

    62595eefb6b2b43ae9bb3aeb615c0efc

  • SHA1

    21c6a7d116e54d8b13cd82f3f083861d474709c2

  • SHA256

    02077eb1a90a627437332b87c90a12aac03e6d78c141020dcf607ed48382e1bc

  • SHA512

    8b379eb162565c6d08064a55bd332bc3811715795ed1ae71cc53b1f9e00c27410beaf4ab0fabdb9c7f6c62edbe680401f0482d9fb8069c1f8bfeadea92d5c96a

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      02077eb1a90a627437332b87c90a12aac03e6d78c141020dcf607ed48382e1bc

    • Size

      192KB

    • MD5

      62595eefb6b2b43ae9bb3aeb615c0efc

    • SHA1

      21c6a7d116e54d8b13cd82f3f083861d474709c2

    • SHA256

      02077eb1a90a627437332b87c90a12aac03e6d78c141020dcf607ed48382e1bc

    • SHA512

      8b379eb162565c6d08064a55bd332bc3811715795ed1ae71cc53b1f9e00c27410beaf4ab0fabdb9c7f6c62edbe680401f0482d9fb8069c1f8bfeadea92d5c96a

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks