General

  • Target

    0e32a34f25d8ee70817b6ffa4bf856ae3494df0e0a479fe89df78efc6259e3e5

  • Size

    101KB

  • Sample

    220212-h1wvzahdb8

  • MD5

    3adf794bcf268ac52003091c210525fd

  • SHA1

    c32e18583844cd8f361ee9f16b84a1d2d5197d68

  • SHA256

    0e32a34f25d8ee70817b6ffa4bf856ae3494df0e0a479fe89df78efc6259e3e5

  • SHA512

    46fcf1bba7fe49006eaa48a0199cfce48c950c51e8efcee7d9c2a9f14f07e4d525bd08232f9b2beec160cbeeca2be016163fecd2062b3cbccaf92b02c17be7b4
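To confirm that a file on disk is the sample this report describes, hash it with every algorithm listed above and compare all of them, not just MD5. The script below is an added example, not part of the report or of any sandbox's own tooling; the only data it takes from the page is the four hash values, and the file path on the command line is the reader's own.

```python
"""Verify a local file against the hashes listed in this report (added example)."""
import hashlib

# IOC hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "3adf794bcf268ac52003091c210525fd",
    "sha1": "c32e18583844cd8f361ee9f16b84a1d2d5197d68",
    "sha256": "0e32a34f25d8ee70817b6ffa4bf856ae3494df0e0a479fe89df78efc6259e3e5",
    "sha512": "46fcf1bba7fe49006eaa48a0199cfce48c950c51e8efcee7d9c2a9f14f07e4d525bd08232f9b2beec160cbeeca2be016163fecd2062b3cbccaf92b02c17be7b4",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> dict:
    """Compute all four report algorithms over an in-memory buffer."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file with all four algorithms in a single pass over the data."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def compare_with_report(hashes: dict, report: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: matched?} for every algorithm the report lists.

    Both sides are lower-cased so mixed-case hex from another tool does not
    produce a false mismatch; a missing algorithm counts as a mismatch.
    """
    return {alg: hashes.get(alg, "").lower() == report[alg].lower() for alg in report}


def is_reported_sample(hashes: dict, report: dict = REPORT_HASHES) -> bool:
    """True only when every algorithm in the report agrees."""
    return all(compare_with_report(hashes, report).values())


if __name__ == "__main__":
    import sys

    if len(sys.argv) != 2:
        sys.exit("usage: python verify_sample.py <file>")
    result = hash_file(sys.argv[1])
    for alg, ok in compare_with_report(result).items():
        print(f"{alg:7s} {result[alg]}  {'MATCH' if ok else 'mismatch'}")
    print("verdict:", "reported sample" if is_reported_sample(result) else "different file")
```

A partial match (say, MD5 agrees but SHA256 does not) means the file is not this sample and should be treated as a separate artifact; the single-pass reader keeps the check cheap even for large files.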

Malware Config

Targets

    • Target

      0e32a34f25d8ee70817b6ffa4bf856ae3494df0e0a479fe89df78efc6259e3e5

    • Size

      101KB

    • MD5

      3adf794bcf268ac52003091c210525fd

    • SHA1

      c32e18583844cd8f361ee9f16b84a1d2d5197d68

    • SHA256

      0e32a34f25d8ee70817b6ffa4bf856ae3494df0e0a479fe89df78efc6259e3e5

    • SHA512

      46fcf1bba7fe49006eaa48a0199cfce48c950c51e8efcee7d9c2a9f14f07e4d525bd08232f9b2beec160cbeeca2be016163fecd2062b3cbccaf92b02c17be7b4

    • Sakula

      Sakula is a remote access trojan (RAT) that gives its operator remote control of the infected host. The remaining signatures below describe the loader behaviour observed for this sample: a dropped executable is run, a dropped DLL is loaded, persistence is set through a Run key, and the original file deletes itself.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check that changes behaviour depending on the victim's configured location. The report does not name the value read; Windows keeps the configured location's GeoID under HKEY_CURRENT_USER\Control Panel\International\Geo\Nation.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
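The "Adds Run key to start application" and "Executes dropped EXE" signatures describe a persistence pattern that can be triaged on a suspect host by dumping the Run keys and checking where each autorun image lives. The script below is an added example and not part of this report; the registry output it parses is constructed for illustration (the report does not show the value name or path this sample wrote), and the environment-variable expansions and the "alice" user profile are assumptions.

```python
"""Flag suspicious Run-key autoruns in `reg query` output (added example)."""
import re
from pathlib import PureWindowsPath

# Directory fragments an unprivileged process can write to; an autorun whose
# image lives here was most likely dropped at runtime.
USER_WRITABLE = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\local\\",
    "\\appdata\\roaming\\",
    "\\programdata\\",
    "\\users\\public\\",
    "\\downloads\\",
    "\\windows\\temp\\",
)

# Windows binary names that dropped executables commonly borrow.
SYSTEM_LOOKALIKES = {"svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe", "explorer.exe"}

# Assumed expansions for variables seen in REG_EXPAND_SZ data; real triage
# would take these from the victim's environment.
ENV = {
    "%windir%": "C:\\Windows",
    "%systemroot%": "C:\\Windows",
    "%programdata%": "C:\\ProgramData",
    "%localappdata%": "C:\\Users\\alice\\AppData\\Local",
    "%appdata%": "C:\\Users\\alice\\AppData\\Roaming",
}

# Constructed sample in the layout `reg query <key>` prints; not from this report.
SAMPLE_REG_OUTPUT = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Updater     REG_SZ    C:\Users\alice\AppData\Local\Temp\svchost.exe
    Audio       REG_SZ    "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
"""

VALUE_RE = re.compile(r"^\s{2,}(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.+?)\s*$")


def parse_reg_query(text: str):
    """Yield (key, value_name, value_type, data) for each value under each key."""
    current_key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("HKEY_"):
            current_key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and current_key:
            yield current_key, m["name"], m["type"], m["data"]


def expand_env(path: str) -> str:
    """Expand the environment variables listed in ENV, case-insensitively."""
    for var, value in ENV.items():
        path = re.sub(re.escape(var), lambda _m, v=value: v, path, flags=re.IGNORECASE)
    return path


def extract_image_path(data: str) -> str:
    """Pull the executable path out of a Run value's command line."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end > 0 else data[1:]
    # Unquoted command line: the image ends at the first whitespace.
    return data.split()[0]


def assess(key: str, name: str, data: str) -> dict:
    """Score one autorun entry; an empty reasons list means nothing stood out."""
    image = expand_env(extract_image_path(data))
    lowered = image.lower()
    reasons = []
    if any(frag in lowered for frag in USER_WRITABLE):
        reasons.append("image lives in a user-writable directory")
    base = PureWindowsPath(image).name.lower()
    if base in SYSTEM_LOOKALIKES and "\\windows\\system32\\" not in lowered:
        reasons.append(f"{base} running from outside System32")
    return {"key": key, "name": name, "image": image, "reasons": reasons}


def triage(text: str) -> list:
    """Return only the autorun entries that have at least one reason."""
    findings = (assess(k, n, d) for k, n, _t, d in parse_reg_query(text))
    return [f for f in findings if f["reasons"]]


if __name__ == "__main__":
    for f in triage(SAMPLE_REG_OUTPUT):
        print(f"{f['key']}\\{f['name']} -> {f['image']}")
        for reason in f["reasons"]:
            print("    -", reason)
```

The output is a triage list, not a verdict: OneDrive legitimately runs from AppData\Local and is flagged on the path alone, while the Temp-resident svchost.exe collects two reasons. Confirm a hit by hashing the flagged image and comparing it with the hashes in this report's General section.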

MITRE ATT&CK Enterprise v6

Tasks