General

  • Target

    0cd1b7ed428aae5e137449870db47eb08d07cf70101fb798d1949290b22114d3

  • Size

    58KB

  • Sample

    220212-jj3gvshfg5

  • MD5

    23e8f9e05dd5b22a53749485a7965802

  • SHA1

    f5da9507f2e6f43be9bfcc53bd01fe73101c31a1

  • SHA256

    0cd1b7ed428aae5e137449870db47eb08d07cf70101fb798d1949290b22114d3

  • SHA512

    ef67b06df46bb0852d10b2a9020cfd78f97e8ecf12703ade1127c4ddd3ae53b3ecf1686b221ad52ad460a9483b4e86bf05ab657e4d7031cff1f41b305157ec2f

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks