General

  • Target

    0f1ced8f05a34794fcec5e3479d18979b87f8cbd7b0c0530e4b87a5894c263b3

  • Size

    58KB

  • Sample

    220212-hhfe9sagdq

  • MD5

    111f1a544e01f991d9d812d9cb515ad4

  • SHA1

    3bd7e482d9d18200a60851fcbe34340d0b83e2a3

  • SHA256

    0f1ced8f05a34794fcec5e3479d18979b87f8cbd7b0c0530e4b87a5894c263b3

  • SHA512

    a491875288246435654fe689d851fc892b939c7a4c0dddd9c1427138d15c9d81505c7e0c895c64c15930744c009726c1d3b98b2d1cf7767a24e9c391f42c9898

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks