General

  • Target

    0dbe0b854ffb4de62e1c1ff4532d360b60a228207001413f5941117158e9512c

  • Size

    150KB

  • Sample

    220212-h71shaheb2

  • MD5

    3bc375bbe93ee08a461fd1bf42c79b75

  • SHA1

    c04e6a527584761c5b77138c218d1e8be81e08e3

  • SHA256

    0dbe0b854ffb4de62e1c1ff4532d360b60a228207001413f5941117158e9512c

  • SHA512

    c380a6e7d06a89d5e860fb721ae7c998f9ac0b54742169685bced238c1339ef786d363ffe2b6ec5ab35e517c4c5d680d061d432eab6a4626949a8ce3329ae720

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks