General

  • Target

    0fccf690a06fcc32822b8e89aa311771eec2adfbf9ad865e1619c963f41f4085

  • Size

    80KB

  • Sample

    220212-g9zgsahag9

  • MD5

    a347c4ce7a5159a0ce5dbc9554d70f0a

  • SHA1

    3e44ec524e194f6b81b1a5a775cd582129fea63c

  • SHA256

    0fccf690a06fcc32822b8e89aa311771eec2adfbf9ad865e1619c963f41f4085

  • SHA512

    dae68ebab902032a7c763876c3500e5e291cf7ec30e8eefd4cc188297ea4e28a59e0fcea7ffcb52ce9c03422bfd786771e73e5c9ee91b3d20e2d44ae31891afc

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6