General

  • Target

    0c1ec02799efa60ccb3b8dfc9ed0ed10d472f76a126c516c8db36e4f87aa19e5

  • Size

    36KB

  • Sample

    220212-jth6zabdel

  • MD5

    6491cc79e65a058c47a7444040791c0e

  • SHA1

    c50916a392b57b2dde0a19117a546487859db0d6

  • SHA256

    0c1ec02799efa60ccb3b8dfc9ed0ed10d472f76a126c516c8db36e4f87aa19e5

  • SHA512

    dba49cc0798fff919201716f7ffc93ab8d5aeb77b3f95b55f8cdc79708eb78339e09b0b3ca37bed681ddc2b01286c5c5520760c23e5fb8419a9f268473744729

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry. This is typically a geofence: the payload uses the result to run only in, or to avoid, particular regions.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
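The five behaviour tags above are what a sandbox derives from its API hook log. The following is an added illustration, not code from the sandbox or from the Sakula sample: a small matcher that replays a constructed, hypothetical hook trace and emits the same tags. The API names (WriteFile, CreateProcessW, LoadLibraryW, DeleteFileW, RegSetValueExW, RegQueryValueExW), the `{"api": ..., "args": {...}}` record layout, the registry paths and the file names are all assumptions made for this example; the report states only the behaviours, not the exact calls or keys the sample touched.

```python
import re

# Assumed registry locations for two of the report's tags. A real sandbox
# would key on whatever values its hooks actually observed; these regexes are
# this example's own guess at the conventional locations.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
COUNTRY_KEY_RE = re.compile(r"\\Control Panel\\International(\\Geo)?$", re.I)
COUNTRY_VALUES = {"sCountry", "iCountry", "Nation", "Locale"}


def match_behaviours(trace, sample_path):
    """Return the set of report-style behaviour tags found in an API trace.

    `trace` is a list of {"api": str, "args": dict} records in call order, as
    a hypothetical hook log would emit them. `sample_path` is the path the
    analysed executable was run from, needed to recognise self-deletion.
    """
    dropped = set()            # files the sample wrote before using them
    found = set()
    sample = sample_path.lower()

    for call in trace:
        api, args = call["api"], call["args"]

        if api == "WriteFile":
            # Anything the sample writes to disk is a candidate "dropped" file.
            dropped.add(args["path"].lower())

        elif api == "CreateProcessW":
            image = args.get("image", "").lower()
            cmdline = args.get("cmdline", "")
            if image in dropped:
                found.add("Executes dropped EXE")
            # Self-deletion via a spawned shell, e.g. cmd.exe /c del "<own path>".
            if re.search(r"\bdel\b", cmdline, re.I) and sample in cmdline.lower():
                found.add("Deletes itself")

        elif api == "LoadLibraryW":
            if args["path"].lower() in dropped:
                found.add("Loads dropped DLL")

        elif api == "DeleteFileW":
            # Direct self-deletion without a helper process.
            if args["path"].lower() == sample:
                found.add("Deletes itself")

        elif api == "RegSetValueExW":
            if RUN_KEY_RE.search(args["key"]):
                found.add("Adds Run key to start application")

        elif api == "RegQueryValueExW":
            if COUNTRY_KEY_RE.search(args["key"]) and args["value"] in COUNTRY_VALUES:
                found.add("Checks computer location settings")

    return found


# Constructed trace (not from the sandbox run) that exhibits all five tags.
SAMPLE = r"C:\Users\victim\Downloads\sample.exe"
TEMP = r"C:\Users\victim\AppData\Local\Temp"

CONSTRUCTED_TRACE = [
    {"api": "RegQueryValueExW",
     "args": {"key": r"HKCU\Control Panel\International", "value": "sCountry"}},
    {"api": "WriteFile", "args": {"path": TEMP + r"\upd.exe", "size": 20480}},
    {"api": "WriteFile", "args": {"path": TEMP + r"\helper.dll", "size": 8192}},
    {"api": "RegSetValueExW",
     "args": {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
              "value": "Updater", "data": TEMP + r"\upd.exe"}},
    {"api": "CreateProcessW",
     "args": {"image": TEMP + r"\upd.exe", "cmdline": TEMP + r"\upd.exe"}},
    {"api": "LoadLibraryW", "args": {"path": TEMP + r"\helper.dll"}},
    {"api": "CreateProcessW",
     "args": {"image": r"C:\Windows\System32\cmd.exe",
              "cmdline": 'cmd.exe /c ping 127.0.0.1 -n 3 & del "' + SAMPLE + '"'}},
]

EXPECTED_TAGS = {
    "Checks computer location settings",
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Adds Run key to start application",
    "Deletes itself",
}

if __name__ == "__main__":
    for tag in sorted(match_behaviours(CONSTRUCTED_TRACE, SAMPLE)):
        print(tag)
```

The "dropped" tags depend on ordering: a write must precede the execute or load, which is why the matcher walks the trace in call order rather than matching each call in isolation. Self-deletion is checked two ways because samples commonly delegate it to `cmd.exe` (the file is locked while the process runs) rather than calling DeleteFile directly.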

MITRE ATT&CK Enterprise v6
