General

  • Target: 0dbd83f4265297f3aeeb74d323544843187ecd359bf8857ef8787170e43bdac6

  • Size: 101KB

  • Sample: 220212-h73xvsheb3

  • MD5: 51a0a17c8c6db19609bfa27b4e0415d2

  • SHA1: 0290ef83b95ef2343381ff8ec70f98013bd2eb6f

  • SHA256: 0dbd83f4265297f3aeeb74d323544843187ecd359bf8857ef8787170e43bdac6

  • SHA512: ecde4837f702fece07695637a79f1b0aff4a14e2fe8ab92ca652d2ee588a36f989789417dee707ac32164fb8a8d189089b42e71aa66e06824bca3ad0567b9a9f

Targets

    • Target: 0dbd83f4265297f3aeeb74d323544843187ecd359bf8857ef8787170e43bdac6

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
