General

  • Target

    0c78164d312ce927ee033259fdc67c24dbb8930784f9734ea08485ef35344934

  • Size

    216KB

  • Sample

    220212-jqlspahgd3

  • MD5

    6b645f3bbc67f78e2dc074b9ebab6b61

  • SHA1

    dab7501d07408c388df9fe424381ad406e9fd573

  • SHA256

    0c78164d312ce927ee033259fdc67c24dbb8930784f9734ea08485ef35344934

  • SHA512

    0208b25185353f2436119aadb57e2580abb7d9aa7e326a367d0928d2b856434e908780915e590f9f32705a67d7983e3e144281721d2df446596a5c636fee66ba

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks