General

  • Target

    0f055f3137e08e60fff6271ac8665723e38c71c0663cd7a4796203bf0b4f2b53

  • Size

    216KB

  • Sample

    220212-hjwhwahca3

  • MD5

    de2e33614b5252f8fc4a904c184e113c

  • SHA1

    308534741cecae7488b25261ca08c039206e9e7f

  • SHA256

    0f055f3137e08e60fff6271ac8665723e38c71c0663cd7a4796203bf0b4f2b53

  • SHA512

    08b9a9e4755932ef025e85d89adf27a8eeb2f3bf2b6697072d46c52de23d853e8ba645f321695bc2f925ecb2d7f8a402091c888e27b053cd8f75215b34aa6259

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
