General

  • Target

    0ebc6d18d76454b3a98645619ef048c7f95d1f643b470a84b921753bb293a656

  • Size

    80KB

  • Sample

    220212-ht7nwshce7

  • MD5

    8836f5373cf7ef6bf1efcc2a87cb7cc2

  • SHA1

    c8781b2640b2d035b6378ada755cb340e127556f

  • SHA256

    0ebc6d18d76454b3a98645619ef048c7f95d1f643b470a84b921753bb293a656

  • SHA512

    bc79652c260f0287a0e2c48dbb05db8ab55810936dc1038a4ce649352b8331727e2b098f2a023fd521791989ff1f7c188855e6d3b92b331939ca98400e9b2bd4

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check (the payload may only run in, or only avoid, certain locales).

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
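
The signatures above point at two registry artefacts an analyst would want to inspect on the detonation VM: the Run key added for persistence (and whether the image it points at still exists, since the sample also deletes itself) and the locale/country values a geofence check reads. The PowerShell script below is an added example for doing that triage; it is not part of the sandbox report and not code from the Sakula sample. The Run key and `Control Panel\International` paths are the standard Windows locations; the list of "user-writable" directories used to flag suspicious autostart entries, and the assumption that `Geo\Name` is only populated on newer Windows builds, are the author's assumptions.

```powershell
# Added example (not from the sandbox report): audit Run-key persistence and the
# registry locale values a geofence check would read. Run after detonation on the
# analysis VM, ideally from an elevated prompt so HKLM keys are readable.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: dropped payloads usually land in user-writable locations like these.
$suspiciousDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC, $env:ProgramData) |
    Where-Object { $_ }

function Get-RunKeyEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        # Get-ItemProperty adds PSPath/PSParentPath/... note properties; skip those.
        $names = $props.PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            Select-Object -ExpandProperty Name
        foreach ($name in $names) {
            $cmd = [string]$props.$name
            # Recover the image path from a quoted or unquoted command line so we can
            # test whether the file is still on disk. A Run key that points at a file
            # which no longer exists is consistent with the "Deletes itself" signature.
            $image = $cmd -replace '^"([^"]+)".*$', '$1'
            $image = $image -replace '^(\S+\.(exe|dll|bat|cmd|vbs|js))\b.*$', '$1'
            $inUserDir = $suspiciousDirs | Where-Object { $image -like "$_*" }
            [pscustomobject]@{
                Key          = $key
                Name         = $name
                Command      = $cmd
                ImagePath    = $image
                Exists       = [bool](Test-Path -LiteralPath $image)
                UserWritable = [bool]$inUserDir
            }
        }
    }
}

function Get-GeoSettings {
    # Values a geofence-style check typically reads from HKCU\Control Panel\International.
    $intl = Get-ItemProperty -Path 'HKCU:\Control Panel\International' -ErrorAction SilentlyContinue
    $geo  = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LocaleName = $intl.LocaleName
        iCountry   = $intl.iCountry     # legacy numeric country code
        GeoNation  = $geo.Nation        # GEOID, e.g. 244 = United States
        GeoName    = $geo.Name          # ISO 3166 code; assumption: present only on newer builds
    }
}

Get-GeoSettings | Format-List
# Report only the entries worth a second look: autostarts from user-writable
# directories, or autostarts whose target file has already been removed.
Get-RunKeyEntries | Where-Object { $_.UserWritable -or -not $_.Exists } | Format-Table -AutoSize
```

Compare the `GeoNation`/`LocaleName` output against the locale the sandbox was configured with: if the sample checks the country code and the VM is set to a locale the author excludes, the payload will look inert and the Run key may never be written. Re-detonating with a different `Geo\Nation` value is a cheap way to confirm the geofence hypothesis.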