General

  • Target

    0ed9e601a569cfda688bc21cc52caab63e973f834a96742475112daa563db88d

  • Size

    101KB

  • Sample

    220212-hszlwshcc9

  • MD5

    fbc459bd5dac532c6117e838dc8ca894

  • SHA1

    f724e9de3af6681500e38168346e0629e03672ec

  • SHA256

    0ed9e601a569cfda688bc21cc52caab63e973f834a96742475112daa563db88d

  • SHA512

    f282804628eb0cd961c906bbd4be0e4e75ce42e687cb0e5e92c332f2c9d86e1e8eb6e730282bd674c12596c487e9f5c5f4ad4970e52c77843ec42aaf9179b555

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
