General

  • Target

    0e057b25c7f057515848a79c900b47c8960fdda0ba10ef89d661cdf2075c1f9a

  • Size

    150KB

  • Sample

    220212-h4ee4ahde9

  • MD5

    cb819774f3a9710f3e07fb5b90a299e5

  • SHA1

    6acff7e080efea7d3d5d0c84f560126570cf79e1

  • SHA256

    0e057b25c7f057515848a79c900b47c8960fdda0ba10ef89d661cdf2075c1f9a

  • SHA512

    3c6236260b3ced97813c3366dffc0267fe41305cb7406ee90e06b59226d65ad9c0c36e228723a314c71ff3e08dc924d73a073e29e769d3a23b5a068e7ff4df71

Malware Config

Targets

    • Target

      0e057b25c7f057515848a79c900b47c8960fdda0ba10ef89d661cdf2075c1f9a


    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
