General

  • Target

    0db2aa199afcc432726675f9f75a82e436e14b27e09c6cf837b9c43ff127b3f6

  • Size

    99KB

  • Sample

    220212-h8h9vabafp

  • MD5

    caa074edf19cd9ab9dd4720682a6c90c

  • SHA1

    33e03bb69e20f8d68b89c3ef18f742fff3578fc3

  • SHA256

    0db2aa199afcc432726675f9f75a82e436e14b27e09c6cf837b9c43ff127b3f6

  • SHA512

    5e5bf143dce2904b09325ee1ea58be6ebc9660e0035c1ad40404cb58cf28d53655bbbed5aa45ffc4812eb09a27b5d85d9d3c7d0f6d3bd637280e91ea1cf65f81

Targets

    • Target

      0db2aa199afcc432726675f9f75a82e436e14b27e09c6cf837b9c43ff127b3f6

    • Sakula

      Sakula is a remote access trojan (RAT). Once running it contacts its command-and-control server and can download and execute further files and run commands on the host. The behaviours listed below are the dropper and persistence stages observed in this run.

    • Sakula Payload

      A component matching the Sakula payload signature was produced during execution.

    • Executes dropped EXE

      The sample wrote an executable to disk and started it.

    • Checks computer location settings

      Reads the country code configured in the registry (typically the Geo\Nation value under HKCU\Control Panel\International), most likely as a geofence: samples that do this often stop or change behaviour on hosts in particular countries, so a sandbox configured with a different locale may see a different execution path.

    • Deletes itself

      The original file removes itself after the dropped components are in place; the on-disk artifacts worth collecting are therefore the dropped EXE/DLL and the Run key value.

    • Loads dropped DLL

      A DLL written to disk by the sample was loaded into a process.

    • Adds Run key to start application

      A value was written under the registry Run key so the dropped executable starts again at user logon (Registry Run Keys / Startup Folder in ATT&CK).
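
The two checks a practitioner performs after reading a report like this are confirming that a file on disk really is the reported sample (all four hashes must agree, not just MD5) and looking for the flagged registry behaviour on other hosts. The following is an added example, not Tria.ge code or part of the original report. The registry event records are constructed for the example, loosely modelled on Sysmon registry events, and the Geo\Nation key is assumed to be the value the "location settings" signature fires on.

```python
"""Triage helpers for the sandbox report above (added example, not Tria.ge code)."""
import hashlib
import re
import tempfile
from typing import Iterable

# Hashes copied from the report.
REPORT_HASHES = {
    "md5": "caa074edf19cd9ab9dd4720682a6c90c",
    "sha1": "33e03bb69e20f8d68b89c3ef18f742fff3578fc3",
    "sha256": "0db2aa199afcc432726675f9f75a82e436e14b27e09c6cf837b9c43ff127b3f6",
    "sha512": "5e5bf143dce2904b09325ee1ea58be6ebc9660e0035c1ad40404cb58cf28d536"
              "55bbbed5aa45ffc4812eb09a27b5d85d9d3c7d0f6d3bd637280e91ea1cf65f81",
}


def hash_file(path: str) -> dict:
    """Compute MD5/SHA1/SHA256/SHA512 in a single streaming pass over the file."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(path: str, expected: dict = REPORT_HASHES) -> tuple:
    """Return (all_match, [algorithms that disagree]).

    Every listed digest must agree; a lone MD5 or SHA1 match is not proof of identity.
    """
    actual = hash_file(path)
    bad = sorted(name for name, digest in expected.items() if actual[name] != digest.lower())
    return (not bad, bad)


# Run / RunOnce keys under either hive; the sandbox reported a Run key write.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Country code value read for the "checks computer location settings" behaviour (assumed key).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)


def flag_registry_events(events: Iterable[dict]) -> list:
    """Tag registry events {'op', 'image', 'key'} that match the reported behaviours.

    Returns (tag, image, key) tuples: run_key_persistence for Run-key writes,
    geo_country_lookup for reads of the Geo\\Nation country code.
    """
    hits = []
    for ev in events:
        key = ev.get("key", "")
        if ev.get("op") == "SetValue" and RUN_KEY_RE.search(key):
            hits.append(("run_key_persistence", ev.get("image"), key))
        elif ev.get("op") == "QueryValue" and GEO_KEY_RE.search(key):
            hits.append(("geo_country_lookup", ev.get("image"), key))
    return hits


# Constructed event records for the example; they are not from the sandbox run.
SAMPLE_EVENTS = [
    {"op": "QueryValue", "image": r"C:\Users\a\AppData\Local\Temp\x.exe",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "SetValue", "image": r"C:\Users\a\AppData\Local\Temp\x.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"op": "SetValue", "image": r"C:\Windows\explorer.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
    {"op": "QueryValue", "image": r"C:\Windows\explorer.exe",
     "key": r"HKCU\Control Panel\International\LocaleName"},
]


def write_constructed_sample() -> str:
    """Write a harmless placeholder file so verify_sample can be exercised offline."""
    with tempfile.NamedTemporaryFile(delete=False, suffix=".bin") as fh:
        fh.write(b"MZ" + b"\x00" * 1022)  # constructed bytes, not the real sample
        return fh.name


if __name__ == "__main__":
    path = write_constructed_sample()
    print("matches report:", verify_sample(path))   # placeholder file: (False, all four)
    for tag, image, key in flag_registry_events(SAMPLE_EVENTS):
        print(f"{tag:22} {image} -> {key}")
```

Point `verify_sample` at the real file to confirm it is the reported sample before doing any further analysis; the placeholder file exists only so the script runs without the malware present. `flag_registry_events` is written against simplified records so the same logic can be dropped into whatever event source (Sysmon Event ID 12/13, EDR telemetry) is available.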
