General

  • Target

    0c52189779c43b3a0f6801a01c3905a7b220779e4920872cbfded173d921897a

  • Size

    100KB

  • Sample

    220212-jrsbvshge3

  • MD5

    d326657f2684485628a2fb0b4e92f00b

  • SHA1

    69852ff62c1105f9661c992eb718a67fa98d90f4

  • SHA256

    0c52189779c43b3a0f6801a01c3905a7b220779e4920872cbfded173d921897a

  • SHA512

    00974e209d9ac519f0714ff073401129ca6d9f48857f78935e7b5166bad7aa93e034ea467c44ea0902361ee3e949db82508a589032731f89c700deca79b6cb99

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry; likely used for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks