General

  • Target

    0d4a3e9951c9a7ee537516192282c8bbc1fd97df389bf96a4afca6b7fa54ed10

  • Size

    80KB

  • Sample

    220212-jc813aheh6

  • MD5

    dfda312b65477a4ff25af08faf52f1d8

  • SHA1

    0bd0a3ad5891260f49913b9f15f84322d9645591

  • SHA256

    0d4a3e9951c9a7ee537516192282c8bbc1fd97df389bf96a4afca6b7fa54ed10

  • SHA512

    7aa287d6192b594e007d444b5d72f699eb5324082a661d2d2f89ca26263d1d4ca013259768302b94ac4fe9005d37318d3a9ebafbbad737eba03e4beeee2bc55f

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks