General

  • Target

    0f6889d398f75015669f297699a0e3488cf122390296682ccd82fd96b07133ef

  • Size

    100KB

  • Sample

    220212-hd87saagap

  • MD5

    6c3ad26ef3bebe01cbd0872c43e25121

  • SHA1

    f025aebe000688bac9e6aa16878f19c33a5d815f

  • SHA256

    0f6889d398f75015669f297699a0e3488cf122390296682ccd82fd96b07133ef

  • SHA512

    87d08bde9767ea25bf752ea23fa9969673eb8f57b7ac38bcc65feca77a41132b27903b13fbf9d7a6f1b87efa49e9d911022ca3c595f862ada4ac90ecd625c5fe

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks