General

  • Target

    0e878fda6b8f8ce32e0e94222aaf5a2854d33e198130a8d6fff3f606ec8cf31c

  • Size

    79KB

  • Sample

    220212-hxpbqaahdl

  • MD5

    82a3a79aa05c0eeaa09161bf2691370f

  • SHA1

    e87e3aa099faf5824f25b379db38a4905242c306

  • SHA256

    0e878fda6b8f8ce32e0e94222aaf5a2854d33e198130a8d6fff3f606ec8cf31c

  • SHA512

    803ef3f007e891b0dbb04245b597787c65029d0e6d79738c579e3564328d73b19c91e832939994b7d2547dd31034f58806f2fac6ced2a617624e00409e1bea49

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks