General

  • Target

    0d772057f4a730a3eba87812c68450e928aca2c837991e63bc07d842d3edddae

  • Size

    92KB

  • Sample

    220212-ja96cahee8

  • MD5

    6c837a2f15f140b0c51e250525e539e9

  • SHA1

    d17720ac681f0200e55a00b8186d04e9f991d6d9

  • SHA256

    0d772057f4a730a3eba87812c68450e928aca2c837991e63bc07d842d3edddae

  • SHA512

    92a2516957e6c7aec77605288f2fd824b5bb042e1038ac48ea81b3c01d272ad300be8842fba98770be1494c8f4843b0566bd1277e70135b9cac30863f214c779

Malware Config

Targets

    • Target

      0d772057f4a730a3eba87812c68450e928aca2c837991e63bc07d842d3edddae

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan used in targeted intrusions. In this run it drops and executes a second-stage executable, loads a dropped DLL, persists through a Run key and removes its original dropper, as the signatures below record.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry (on Windows the GeoID lives under HKCU\Control Panel\International\Geo). This is most likely a geofence: the sample may stay dormant or take a different path when the locale does not match its intended target region, so set the analysis VM's region to a plausible value before re-running it.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
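
The signatures above are behavioural: each one is a rule over the registry, file and process events the sandbox recorded. The following Python is an added example (it is not the sandbox's signature engine and not code from the report) that replays a constructed event trace through equivalent rules and also verifies a local file against the digests listed above. The registry paths it matches (the GeoID value under Control Panel\International\Geo\Nation, values under CurrentVersion\Run), the dropped-file names and the event format are assumptions for the example.

```python
import hashlib
import re
from collections import defaultdict

# Digests copied from the report; used to confirm a local file is this sample.
REPORT_HASHES = {
    "md5": "6c837a2f15f140b0c51e250525e539e9",
    "sha1": "d17720ac681f0200e55a00b8186d04e9f991d6d9",
    "sha256": "0d772057f4a730a3eba87812c68450e928aca2c837991e63bc07d842d3edddae",
    "sha512": "92a2516957e6c7aec77605288f2fd824b5bb042e1038ac48ea81b3c01d272ad3"
              "00be8842fba98770be1494c8f4843b0566bd1277e70135b9cac30863f214c779",
}


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Hash `data` with every algorithm in `expected` and report which match."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest.lower()
            for algo, digest in expected.items()}


# Registry locations behind the "checks computer location settings" and
# "adds Run key" signatures. Assumed: Windows keeps the GeoID under
# HKCU\Control Panel\International\Geo\Nation; the sandbox's exact rule is not shown.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
SELF_DELETE_RE = re.compile(r"\bdel\b", re.I)


def triage(events: list, sample_path: str) -> dict:
    """Map each signature name from the report to the events that triggered it.

    `events` are dicts with "op" and "target" (plus "cmdline" for process_create),
    in execution order; `sample_path` is the path the sample was launched from.
    """
    sample = sample_path.lower()
    dropped = set()                      # paths the sample wrote to disk
    hits = defaultdict(list)
    for ev in events:
        op, target = ev["op"], ev["target"]
        t = target.lower()
        if op == "file_write":
            dropped.add(t)
        elif op == "reg_read" and GEO_KEY_RE.search(target):
            hits["checks_computer_location_settings"].append(target)
        elif op == "reg_write" and RUN_KEY_RE.search(target):
            hits["adds_run_key_to_start_application"].append(target)
        elif op == "process_create":
            cmdline = ev.get("cmdline", "")
            if t in dropped:
                hits["executes_dropped_exe"].append(target)
            # Self-deletion is usually delegated to cmd.exe because a running
            # image cannot unlink itself; catch the "del <own path>" command line.
            if sample in cmdline.lower() and SELF_DELETE_RE.search(cmdline):
                hits["deletes_itself"].append(cmdline)
        elif op == "image_load" and t in dropped and t.endswith(".dll"):
            hits["loads_dropped_dll"].append(target)
        elif op == "file_delete" and t == sample:
            hits["deletes_itself"].append(target)
    return dict(hits)


# Constructed event trace in the shape above; it is not data from the report.
SAMPLE_PATH = r"C:\Users\user\Desktop\sample.exe"
SAMPLE_EVENTS = [
    {"op": "reg_read", "target": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"op": "file_write", "target": r"C:\Users\user\AppData\Local\Temp\dropped.exe"},
    {"op": "file_write", "target": r"C:\Users\user\AppData\Local\Temp\dropped.dll"},
    {"op": "process_create", "target": r"C:\Users\user\AppData\Local\Temp\dropped.exe",
     "cmdline": r'"C:\Users\user\AppData\Local\Temp\dropped.exe"'},
    {"op": "image_load", "target": r"C:\Users\user\AppData\Local\Temp\dropped.dll"},
    {"op": "reg_write",
     "target": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"op": "process_create", "target": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c ping 127.0.0.1 -n 3 & del "C:\Users\user\Desktop\sample.exe"'},
    {"op": "file_delete", "target": SAMPLE_PATH},
]

if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS, SAMPLE_PATH).items():
        print(f"{name}: {evidence}")
```

Run as-is it prints all five signatures with the events behind them. To check a file from your own collection, pass its bytes to verify_sample; a mismatch on every algorithm means you are not looking at the sample this report describes. The "deletes_itself" rule fires twice on the trace on purpose: once on the cmd.exe command line and once on the unlink it causes, which is the pair you would expect to see together in a real run.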

MITRE ATT&CK Enterprise v6