General

  • Target

    0d56db97af9ca9a184779c46f293654255bd61b917ae54b93b561270ee63ba97

  • Size

    192KB

  • Sample

    220212-jcqjqabbbp

  • MD5

    fe652b3b41a0b023a064c02fb6db526f

  • SHA1

    deb80888f80fba03755b0c76f5cf41fc7c71e0f9

  • SHA256

    0d56db97af9ca9a184779c46f293654255bd61b917ae54b93b561270ee63ba97

  • SHA512

    b2aac7436bc2e80b5b34be90a62112f145987e5bdb9683e732c7e65913594d79fa8de52141cdead1afe6b4275d5bba224bd73723e5cf176138e88c1bb42c9e67

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
