General

  • Target

    0f54e81744a3d35d502d938afd9aab5823f0d46a9ca21a8c5362e9d394f3a631

  • Size

    216KB

  • Sample

    220212-hffm9ahbe6

  • MD5

    f9bda4ecb85391683fddd9a5190dec4e

  • SHA1

    3841f8470fff474150bbf7254b182461d3eb8e29

  • SHA256

    0f54e81744a3d35d502d938afd9aab5823f0d46a9ca21a8c5362e9d394f3a631

  • SHA512

    094008ae5ce23b487d445bb664dfbdb56c095cc500dcc8aec4f67268520227c67d5924bf2a58ec479c18e5c9caff7198b2a098de47df3adc2f4859abfb28a4c8

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks