General

  • Target

    0f0951a135ad2beeed527dc2fe941a4076ea999adfe33843e73243c16dbd2e2b

  • Size

    79KB

  • Sample

    220212-hjaamshbh5

  • MD5

    89d77670ed3f33009431fcc65d23b64d

  • SHA1

    59581de470ce92b52516fd324cbf7d44698e4c85

  • SHA256

    0f0951a135ad2beeed527dc2fe941a4076ea999adfe33843e73243c16dbd2e2b

  • SHA512

    a1ddb17d2e9e064fc3d9478875a5a988303cc585ba290d84281873e0901b82d8e1de88b1c0d68f7e458cbdfbc5b90ec45a5ab0a71cbce5ce402182f87de8ba69

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks