General

  • Target

    0b8bb6fdae6f3c8d724ef45b4274f01a7432332e29af59305b9ddc1ea7f6f0d5

  • Size

    35KB

  • Sample

    220212-j22chsbeej

  • MD5

    3eaf7e8bb06ab03cf2e2821ffbb5e145

  • SHA1

    15cc06cedbfa079f12f6e34a348c721ec9df9ce9

  • SHA256

    0b8bb6fdae6f3c8d724ef45b4274f01a7432332e29af59305b9ddc1ea7f6f0d5

  • SHA512

    3f26049e85b70245f20fb00c708b7355f71b26e5af516b6399e3198b4eac0523bd26986d79b2bb30d5ab9f5c84953b18c3a6ecebd52e510055a7545dc59efefc

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
