Overview

overview

10

Static

static

0b64e71e62...9f.exe

windows7_x64

10

0b64e71e62...9f.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0b64e71e622cabead45f1a2df1aec354a5dbc4140b3dca0920831038eba2029f

  • Size

    36KB

  • Sample

    220212-j51kdsbegp

  • MD5

    61068e3dc38b09d31075b529c70c6fa5

  • SHA1

    10f198f99d222c6033c59ab5879ce7f89e0da41b

  • SHA256

    0b64e71e622cabead45f1a2df1aec354a5dbc4140b3dca0920831038eba2029f

  • SHA512

    1def20a06896059f18ff88ad4114f67cf77ada03436f01eaf3fa4f384b378e9c31b57b71065b25ff40d7a110f95ac4effd6f25daf4c7e09bccd7f012befd6c9a

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      0b64e71e622cabead45f1a2df1aec354a5dbc4140b3dca0920831038eba2029f

    • Size

      36KB

    • MD5

      61068e3dc38b09d31075b529c70c6fa5

    • SHA1

      10f198f99d222c6033c59ab5879ce7f89e0da41b

    • SHA256

      0b64e71e622cabead45f1a2df1aec354a5dbc4140b3dca0920831038eba2029f

    • SHA512

      1def20a06896059f18ff88ad4114f67cf77ada03436f01eaf3fa4f384b378e9c31b57b71065b25ff40d7a110f95ac4effd6f25daf4c7e09bccd7f012befd6c9a

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks