General

  • Target

    0b9c0c3610f96266569a427c509e0c80bf9196e79083b72464e35491705fe95f

  • Size

    36KB

  • Sample

    220212-j1y6rsbecp

  • MD5

    2706a0b0f974d72c6f3a0aef8ab2fe81

  • SHA1

    396962f00f0e18b2a409e29f137cf05761ef4bea

  • SHA256

    0b9c0c3610f96266569a427c509e0c80bf9196e79083b72464e35491705fe95f

  • SHA512

    6a9f393e46bf3db237ead1cc4daeaffd5b1d21d3fcccaa9a4dfb6c670cf10c5f84b15d29e95334656cabc933585197e9f53020924ee4195d696bb648f081de28
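
To confirm that a file you hold is the same 36KB sample this report describes, compute the four digests the sandbox records in a single pass over the file and compare each against the values above. This is an added example written for this page, not the sandbox's own code; the IOC values are copied from the General section, and the test data (`b"abc"`) is constructed rather than taken from the sample.

```python
"""Compute MD5/SHA1/SHA256/SHA512 of a file in one pass and compare to report IOCs."""
import hashlib
import hmac
import io
import sys
from typing import BinaryIO, Dict

# Digests copied verbatim from the report's General section.
REPORT_IOCS: Dict[str, str] = {
    "md5": "2706a0b0f974d72c6f3a0aef8ab2fe81",
    "sha1": "396962f00f0e18b2a409e29f137cf05761ef4bea",
    "sha256": "0b9c0c3610f96266569a427c509e0c80bf9196e79083b72464e35491705fe95f",
    "sha512": (
        "6a9f393e46bf3db237ead1cc4daeaffd5b1d21d3fcccaa9a4dfb6c670cf10c5f"
        "84b15d29e95334656cabc933585197e9f53020924ee4195d696bb648f081de28"
    ),
}


def digest_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Feed the stream through every hash in REPORT_IOCS once; return lowercase hex."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the tests)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as f:
        return digest_stream(f)


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str] = REPORT_IOCS) -> Dict[str, bool]:
    """Per-algorithm match result. compare_digest keeps the comparison constant-time,
    which matters little for IOCs but is the right habit for any hash comparison."""
    return {
        name: hmac.compare_digest(digests[name].lower(), expected.lower())
        for name, expected in iocs.items()
    }


def all_match(digests: Dict[str, str], iocs: Dict[str, str] = REPORT_IOCS) -> bool:
    """True only when every recorded digest agrees; a single mismatch means a
    different file (or a transcription error in one of the IOC values)."""
    return all(match_iocs(digests, iocs).values())


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-sample>
    result = digest_file(sys.argv[1])
    for name, ok in match_iocs(result).items():
        print(f"{name:7s} {result[name]}  {'MATCH' if ok else 'mismatch'}")
    sys.exit(0 if all_match(result) else 1)
```

If only some algorithms match, distrust the source of the other values rather than the file: a genuine collision across MD5, SHA1, SHA256 and SHA512 simultaneously is not a realistic explanation.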

Targets

    • Sakula

      Sakula is a remote access trojan (RAT); the sample matched the sandbox's Sakula family signature.

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
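
The five behavioural signatures above are each a pattern over the registry, file and process events the sandbox recorded. The following added example (not the sandbox's own detection code) shows how such events can be mapped back onto those signature names. The event schema and every path, value name and file name in SAMPLE_EVENTS are constructed for illustration; the registry location used for the country-code check, HKCU\Control Panel\International\Geo, is an assumption about what the signature inspects, not something this report states.

```python
"""Map simplified sandbox events onto the behavioural signatures in the report."""
import re
from typing import Dict, Iterable, List

# Constructed events in an assumed flat schema: the image path of the acting
# process, the operation, and the object path. Not the sandbox's export format.
TMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"image": rf"{TMP}\sample.exe", "op": "RegQueryValue",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"image": rf"{TMP}\sample.exe", "op": "FileWrite", "path": rf"{TMP}\svchost.exe"},
    {"image": rf"{TMP}\sample.exe", "op": "FileWrite", "path": rf"{TMP}\helper.dll"},
    {"image": rf"{TMP}\sample.exe", "op": "CreateProcess", "path": rf"{TMP}\svchost.exe"},
    {"image": rf"{TMP}\svchost.exe", "op": "LoadImage", "path": rf"{TMP}\helper.dll"},
    {"image": rf"{TMP}\svchost.exe", "op": "RegSetValue",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"image": rf"{TMP}\sample.exe", "op": "FileDelete", "path": rf"{TMP}\sample.exe"},
]

# Run and RunOnce keys under any hive / any Wow6432Node path.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Assumed location of the configured country code (GeoID / Nation).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\", re.IGNORECASE)


def classify(events: Iterable[dict]) -> Dict[str, List[str]]:
    """Return {signature name: [evidence paths]} using the report's own labels."""
    hits: Dict[str, List[str]] = {}
    dropped = set()  # lowercase paths written during the run

    def hit(name: str, evidence: str) -> None:
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        op, path, image = ev["op"], ev["path"], ev["image"]
        key = path.lower()
        if op == "FileWrite":
            dropped.add(key)
        elif op == "CreateProcess" and key in dropped:
            hit("Executes dropped EXE", path)
        elif op == "LoadImage" and key in dropped:
            hit("Loads dropped DLL", path)
        elif op == "RegSetValue" and RUN_KEY_RE.search(path):
            hit("Adds Run key to start application", path)
        elif op == "RegQueryValue" and GEO_KEY_RE.search(path):
            hit("Checks computer location settings", path)
        elif op == "FileDelete" and key == image.lower():
            # Direct self-deletion. Samples commonly do this via a spawned
            # "cmd.exe /c del", which a stricter rule would catch by tracking
            # parent/child image paths.
            hit("Deletes itself", path)
    return hits


def signature_names(events: Iterable[dict]) -> List[str]:
    return sorted(classify(events))


if __name__ == "__main__":
    for name, evidence in classify(SAMPLE_EVENTS).items():
        print(f"{name}: {', '.join(evidence)}")
```

Ordering matters for the two "dropped" rules: a file only counts as dropped if its write was seen before it was executed or loaded, which is why the events are processed in recorded order rather than as an unordered set.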
