General

  • Target: 0c1b86f6bbf6c3b61edb5ff4106db2c6f3bde3c24714994184cbb0f4613d7d4c

  • Size: 36KB

  • Sample: 220212-jtqk2shgg2

  • MD5: ead9a38cd28a79a0a415ef09c137de56

  • SHA1: 65ad2cbdb4f3664a60f8411206e194559189453d

  • SHA256: 0c1b86f6bbf6c3b61edb5ff4106db2c6f3bde3c24714994184cbb0f4613d7d4c

  • SHA512: 4b0cf7bd8ad6b9fd60d1169c07c3c1d6a2dc49a0f729a0518a6abdd4e94a4153a612ec4c0cd94dec5d9b59196f4536a1ce4e61fefb7b5f959585557236b60835

Malware Config

Targets


    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks