General

  • Target

    0ef4c20e6ae3d47f1d35ad9d838424adc9f0f511eb17f2c3ac83d4c78fab1d73

  • Size

    192KB

  • Sample

    220212-hqrs9shca7

  • MD5

    9fbdb71f4b9fad8106464be8399ab9e2

  • SHA1

    2279127adf3380b7063035f92938ed03ebd43760

  • SHA256

    0ef4c20e6ae3d47f1d35ad9d838424adc9f0f511eb17f2c3ac83d4c78fab1d73

  • SHA512

    bd0b2f88564cd3447ba83642e6a636b405c81d9e05a137e78557fccca8d567f5ffb7769699c0efa23e931e926f9e619888f98c38b7a22dd633941d7fa8d9fe3f

Malware Config

Targets

    • Target

      0ef4c20e6ae3d47f1d35ad9d838424adc9f0f511eb17f2c3ac83d4c78fab1d73

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks