General

  • Target

    0da58db447dcdeacd572fb2e83b03e4244cbd9ea00516e3731b50f6681d4d357

  • Size

    79KB

  • Sample

    220212-h8staaheb9

  • MD5

    f1bb11a03dc06d65a0df3a2da49d8e7b

  • SHA1

    9d7bd4ea013bf34406d7bb9c500e25b29a158db0

  • SHA256

    0da58db447dcdeacd572fb2e83b03e4244cbd9ea00516e3731b50f6681d4d357

  • SHA512

    638c7f384d876618b608cdd75735b8c2fa0fc94573e9b8b07f445bd6e6be224df062de7000783bcb26be9d6928092878f9b5fe692c9bd18e5de248d8b376ba86

Malware Config

Targets

    • Target

      0da58db447dcdeacd572fb2e83b03e4244cbd9ea00516e3731b50f6681d4d357

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks