General

  • Target

    0c0ae8b5b77cd2d6f788ec041d0a615d901a56c3581265f5b9ce71db71980329

  • Size

    80KB

  • Sample

    220212-jvl91sbdfm

  • MD5

    6a4d49551b031d02124d9f50e346157f

  • SHA1

    321b82e5e9bcbebebd6f02c79bea30852e4b792f

  • SHA256

    0c0ae8b5b77cd2d6f788ec041d0a615d901a56c3581265f5b9ce71db71980329

  • SHA512

    86ee4690a031119ea1e5d0350d74e38bc5630930f6196ffedf28c62527d95aa7a23d60a0eaa8dc7f28e99a3c47f8883c621557612038e19edd80c1c7f1ea58dd

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks