General

  • Target

    0e19fce1013411dda23ff9000e62f27a9f06c1d8bbfa78cd27dcfc72d64efdbc

  • Size

    99KB

  • Sample

    220212-h3mebahdd9

  • MD5

    d20d2421f2e32c2d6f3d5ca073987dc0

  • SHA1

    bfb31fdf9f5ec43714880b0992e1f498a06934be

  • SHA256

    0e19fce1013411dda23ff9000e62f27a9f06c1d8bbfa78cd27dcfc72d64efdbc

  • SHA512

    4919c0ca0e0067628347e530edb9ed6a7d9d79b9e10ebc381f42de9d5b248f688b7b462c09698698e337d7791b6c82db7246de26aaf9a7870dcc677580461879

Malware Config

Targets

    • Target

      0e19fce1013411dda23ff9000e62f27a9f06c1d8bbfa78cd27dcfc72d64efdbc

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (running or not running depending on the victim's locale).

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
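
The behaviour signatures above are what a sandbox derives from the sample's raw event trace. The following is an added example, not the report's or the sandbox's own rule logic, that re-derives the same five signature names from a handful of constructed Sysmon-style events (drop, query of the Geo\Nation key, Run key write, execution of the dropped EXE, load of the dropped DLL, and a `cmd /c del` of the parent's own image). The JSON event shape, the field names and the exact registry paths matched are assumptions chosen for the example; the events are constructed and were not captured from this sample.

```python
"""Toy behavioural-signature matcher over constructed sandbox events.

Added example: the event format (Sysmon-like JSON lines) and the registry
paths used in the rules are assumptions for illustration, not the rules of
any particular sandbox. The events below are constructed, not captured.
"""
import json
import re

# Constructed Sysmon-style events (one JSON object per line). pid 1000 is
# the sample; it drops an EXE and a DLL, checks the locale, persists via a
# Run key, launches the dropped EXE (which loads the dropped DLL) and
# finally spawns cmd.exe to delete its own image.
EVENTS_JSONL = r"""
{"id": 1, "event": "FileCreate", "pid": 1000, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe", "target": "C:\\Users\\u\\AppData\\Roaming\\svc\\update.exe"}
{"id": 2, "event": "FileCreate", "pid": 1000, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe", "target": "C:\\Users\\u\\AppData\\Roaming\\svc\\helper.dll"}
{"id": 3, "event": "RegistryQueryValue", "pid": 1000, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe", "target": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"id": 4, "event": "RegistryValueSet", "pid": 1000, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe", "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc", "details": "C:\\Users\\u\\AppData\\Roaming\\svc\\update.exe"}
{"id": 5, "event": "ProcessCreate", "pid": 1001, "ppid": 1000, "image": "C:\\Users\\u\\AppData\\Roaming\\svc\\update.exe", "cmdline": "\"C:\\Users\\u\\AppData\\Roaming\\svc\\update.exe\""}
{"id": 6, "event": "ImageLoad", "pid": 1001, "image": "C:\\Users\\u\\AppData\\Roaming\\svc\\update.exe", "target": "C:\\Users\\u\\AppData\\Roaming\\svc\\helper.dll"}
{"id": 7, "event": "ProcessCreate", "pid": 1002, "ppid": 1000, "image": "C:\\Windows\\System32\\cmd.exe", "cmdline": "cmd.exe /c ping 127.0.0.1 -n 3 & del \"C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe\""}
"""

# Assumed key patterns: autostart Run/RunOnce keys and the per-user
# geographic location key (GeoID) that locale checks typically read.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.IGNORECASE)
DEL_CMD_RE = re.compile(r"\bdel\b", re.IGNORECASE)


def parse_events(jsonl):
    """Parse JSON-lines text into a list of event dicts, in trace order."""
    return [json.loads(line) for line in jsonl.strip().splitlines() if line.strip()]


def match_signatures(events):
    """Return {signature name: [event ids]} for the behaviours seen in the trace.

    Signature names are the ones used in the report above. 'Dropped' means a
    file whose FileCreate was seen earlier in the same trace.
    """
    hits = {}
    dropped = {}   # lower-cased path -> id of the FileCreate that wrote it
    images = {}    # pid -> image path, so a child's parent image can be found

    def hit(name, ev):
        hits.setdefault(name, []).append(ev["id"])

    for ev in events:
        kind = ev["event"]
        target = ev.get("target", "")
        images.setdefault(ev["pid"], ev["image"])

        if kind == "FileCreate":
            dropped[target.lower()] = ev["id"]
        elif kind == "RegistryQueryValue" and GEO_KEY_RE.search(target):
            hit("Checks computer location settings", ev)
        elif kind == "RegistryValueSet" and RUN_KEY_RE.search(target):
            hit("Adds Run key to start application", ev)
        elif kind == "ImageLoad" and target.lower() in dropped:
            hit("Loads dropped DLL", ev)
        elif kind == "ProcessCreate":
            if ev["image"].lower() in dropped:
                hit("Executes dropped EXE", ev)
            # Self-deletion: a child shell deleting the parent's own image.
            parent_image = images.get(ev.get("ppid"), "")
            cmdline = ev.get("cmdline", "")
            if (parent_image and DEL_CMD_RE.search(cmdline)
                    and parent_image.lower() in cmdline.lower()):
                hit("Deletes itself", ev)
    return hits


if __name__ == "__main__":
    for name, ids in match_signatures(parse_events(EVENTS_JSONL)).items():
        print(f"{name}: events {ids}")
```

The rules are deliberately order-aware: "dropped" only counts files the trace itself showed being written, and "deletes itself" requires the deleting command line to name the parent's image, which is what separates self-deletion from ordinary cleanup of temp files.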

MITRE ATT&CK Enterprise v6

Tasks