General

  • Target

    0d3c45cc3e615d20fbf5fe5790658cb6c3428416738a10c49277d755f134ba70

  • Size

    79KB

  • Sample

    220212-jdw3wshfa2

  • MD5

    5fe886e0358e12121112a05263ef7a0a

  • SHA1

    862027a7257adf02ec9c694b1430912c07d4e8f7

  • SHA256

    0d3c45cc3e615d20fbf5fe5790658cb6c3428416738a10c49277d755f134ba70

  • SHA512

    b16b12d8dde2d87a4b56ee51e1491c3f1fc492dde0b0bd87c44c9cf1154c4538063e208834052856b3a7222619c57916aa6b22571e96119922ef12c624748051

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6