General

  • Target

    0c2ba181ebfb4dee2f046505a37d3731933e5ddaf2632b4747a0292ca0598e16

  • Size

    35KB

  • Sample

    220212-js7syabddr

  • MD5

    a7861d0a323c0cdad627a56bac53a2ab

  • SHA1

    96ae972c0874e43efcbc1576a68474bba54f0812

  • SHA256

    0c2ba181ebfb4dee2f046505a37d3731933e5ddaf2632b4747a0292ca0598e16

  • SHA512

    fe03e899ba240a29e766f297252f5ed1fd29cb76def267d42b89c6dc9e828759cd64006b2f7b2d888cfc5f2b82ead75a6e12121c015effa157d3b84a9f4e4f2a

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6