General

  • Target

    0bf28971e196b2ab2b538e69a0f6aeb8444615a913644b3bb6f4ad430bc22673

  • Size

    176KB

  • Sample

    220212-jwhyzshgh7

  • MD5

    28245a26d7e8b66f75a3e6962f5ab2ff

  • SHA1

    271a5210d9b1bda4ddb5b44d50a079a559cf782d

  • SHA256

    0bf28971e196b2ab2b538e69a0f6aeb8444615a913644b3bb6f4ad430bc22673

  • SHA512

    ab27947af15371169779f9091a7a4212184945a3b9a5fe841266402a341541cd9608871e2e69c2b071b02a0ef12dc523b2d9911ccc16575c4aadcbb16b3c59b6

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks