General

  • Target

    0e1d4ffec170d180725d0458ebe47a317d15dd7abf4a3d3f16f8931097d2c8d7

  • Size

    58KB

  • Sample

    220212-h3a2aabaaq

  • MD5

    5c13701293bd0ddc91647a090aa074ba

  • SHA1

    27a6ab7ee3c7cb38f161cddcb3798c6742c65f1d

  • SHA256

    0e1d4ffec170d180725d0458ebe47a317d15dd7abf4a3d3f16f8931097d2c8d7

  • SHA512

    c74832b3713e353136e68871ac8f7a43acd58c56a39c5a2a58fb15b116c3f72077e189a25bb28be3871d7003f804e8b898052777d14fc026a0e986a315b06f98

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks