General

  • Target

    0e4f04cd33cb4217381c544440d95c0afb51b8b2d091c6b0634a4b17683745d9

  • Size

    191KB

  • Sample

    220212-hzlcvahda9

  • MD5

    5b09c0cd44a846f4cb26fbff79254e1a

  • SHA1

    2c9d022692f996793076804cbe7f32847dfb7e55

  • SHA256

    0e4f04cd33cb4217381c544440d95c0afb51b8b2d091c6b0634a4b17683745d9

  • SHA512

    7d0446ed58b2648a03cfbe6550923fd549428adb72fc2e0341047feb3dfecd2ec3a29a44131d6218362b132c75f2e90bed57d853e78db4c94400f9b8283a3464

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks