General

  • Target

    0c3bd2194626d96f7a040abed3290ebfc58d6c013c420fce16e211f89ad621d2

  • Size

    58KB

  • Sample

    220212-jsjq4sbddj

  • MD5

    4d0727bf1a8e55bb37bb12f4712d92f5

  • SHA1

    855a2475d304e8c0db8bb4988766dfc03bbc33b1

  • SHA256

    0c3bd2194626d96f7a040abed3290ebfc58d6c013c420fce16e211f89ad621d2

  • SHA512

    d9a05854e1ace75ca12a851807313094e468aea1505ab3166c5de54da23f639d071c2427cff7d6a0b42510e07da61feecca352af8e799773c57662d481597000

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks