General

  • Target

    0c574dfe04e98c429e1780572a7d8aa33a06b0517144ca7c02f9d81e3ff50241

  • Size

    35KB

  • Sample

    220212-jrm25sbdcl

  • MD5

    046e35c3ab83dc6f68792ff9cde33c4d

  • SHA1

    314bdaac9f3707c38d8bb63811804b899a7d5df9

  • SHA256

    0c574dfe04e98c429e1780572a7d8aa33a06b0517144ca7c02f9d81e3ff50241

  • SHA512

    03c60f346b7cc6e721378e866a53120a067097509768eb46221493fe5026bc894f3ec1d194e95baea873110e7e939fdcea58ad82af56047e35b3355c149f704f

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks