General

  • Target

    0bd4c2454ad8aa60b88b3c2dfd41cc7f65fe8474fc0fca5a8584057aa1f5d643

  • Size

    58KB

  • Sample

    220212-jxrbrahhb7

  • MD5

    02d0734eb97bc7329b2b6a49fb109836

  • SHA1

    0591f9420fbeac223e1fc3d2b4b2d324332140a9

  • SHA256

    0bd4c2454ad8aa60b88b3c2dfd41cc7f65fe8474fc0fca5a8584057aa1f5d643

  • SHA512

    418e4498c1e38d482de3561d9da8a8262bb985e5a69a4118694c50d298193b234ce86340057195dc2852d2d20bc89407a8e7273bf3fc5680b2641e31d89ad0c1

Targets

    • Target

      0bd4c2454ad8aa60b88b3c2dfd41cc7f65fe8474fc0fca5a8584057aa1f5d643

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
