General

  • Target

    0bbdc10d88d7c515c2f93bff4b8607f3029ab6ef0efd8c8022e9d58458d9b6a5

  • Size

    80KB

  • Sample

    220212-jynbgshhc5

  • MD5

    26935e64a48ff0c22f51ffb1f7843d54

  • SHA1

    86b27bc0f97143a0fa64d1f31bf6a33db1edf131

  • SHA256

    0bbdc10d88d7c515c2f93bff4b8607f3029ab6ef0efd8c8022e9d58458d9b6a5

  • SHA512

    159529a04627f8601d2415f53995a7137b6e3134a9f6208c0937109e542d96b91dfb8946cd45bf03583a0ccf3bfa3c783b5dc83fbe95816c8ba817f130541efc

Targets

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan: once running it gives the operator interactive control of the infected host. The behaviours below are its installation and persistence steps as observed in this run.

    • Sakula Payload

      A file in this analysis matched the static detection signature for the Sakula payload, not only generic dropper behaviour.

    • Executes dropped EXE

      Writes an executable to disk and then launches it, so the malicious activity continues in a second process.

    • Checks computer location settings

      Reads the country code stored in the registry's international settings. Malware commonly does this to refuse to run in particular regions (geofencing), so a sandbox configured with a different locale may see less of the payload's behaviour.

    • Deletes itself

      Removes the originally executed file once the dropped copy is running, hiding the initial artefact from the user and from file-based detection.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk.

    • Adds Run key to start application

      Writes a value under the Windows CurrentVersion\Run registry key so the payload is started again at the next logon (persistence).
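
The signatures above are the sandbox's own matches. As an added example that is not part of the original report, the script below reproduces four of them as detection logic over Sysmon-style events, the kind of telemetry a defender actually has on an endpoint. The event lines, paths, PIDs and registry value name are constructed for the example and are not artefacts observed from this sample. The geofence check is deliberately not reproduced: Sysmon records registry key creation and value writes, not reads, so a country-code lookup is only visible to a sandbox that hooks the registry API, which is why that signature appears in the report but would not appear in this kind of log.

```python
"""Replay the report's behaviour signatures against Sysmon-style events.

Added example, not part of the sandbox report or of any Sakula analysis.
The JSON event lines below are constructed; Sysmon field names are real,
the file paths, PIDs and the Run value name are illustrative assumptions.
"""
import json
from typing import Dict, Iterable, List

# Constructed Sysmon-like events, one JSON object per line. Event IDs follow
# Sysmon: 1 = process create, 7 = image load, 11 = file create,
# 13 = registry value set, 23 = file delete.
SAMPLE_EVENTS = r"""
{"EventID": 1, "ProcessId": 100, "ParentProcessId": 50, "Image": "C:\\Users\\user\\Desktop\\sample.exe"}
{"EventID": 11, "ProcessId": 100, "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe"}
{"EventID": 11, "ProcessId": 100, "TargetFilename": "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"}
{"EventID": 1, "ProcessId": 200, "ParentProcessId": 100, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe"}
{"EventID": 7, "ProcessId": 200, "Image": "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe", "ImageLoaded": "C:\\Users\\user\\AppData\\Local\\Temp\\helper.dll"}
{"EventID": 13, "ProcessId": 200, "TargetObject": "HKU\\S-1-5-21-1000\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc", "Details": "C:\\Users\\user\\AppData\\Local\\Temp\\svc.exe"}
{"EventID": 1, "ProcessId": 300, "ParentProcessId": 100, "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd /c del C:\\Users\\user\\Desktop\\sample.exe"}
{"EventID": 23, "ProcessId": 300, "Image": "C:\\Windows\\System32\\cmd.exe", "TargetFilename": "C:\\Users\\user\\Desktop\\sample.exe"}
"""

# Autostart locations under HKLM/HKU that the "Adds Run key" signature covers.
# The trailing backslash means the value must live directly under the key.
RUN_KEY_FRAGMENTS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)


def parse_events(text: str) -> List[dict]:
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events: Iterable[dict]) -> Dict[str, List[str]]:
    """Return {signature name: [evidence, ...]} for the behaviours seen.

    State is kept across events because each signature is a relation between
    two events: a file must be dropped before its execution or loading counts,
    and a deleted file only counts as self-deletion if that path already ran.
    """
    hits: Dict[str, List[str]] = {}
    dropped = set()   # lower-cased paths written by any process in the trace
    executed = set()  # lower-cased image paths of processes that were started

    def hit(name: str, evidence: str) -> None:
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1:
            image = ev["Image"].lower()
            executed.add(image)
            if image in dropped:
                hit("Executes dropped EXE",
                    f"pid {ev['ProcessId']} ran {ev['Image']} (parent pid {ev['ParentProcessId']})")
        elif eid == 7:
            if ev["ImageLoaded"].lower() in dropped:
                hit("Loads dropped DLL",
                    f"pid {ev['ProcessId']} loaded {ev['ImageLoaded']}")
        elif eid == 13:
            target = ev["TargetObject"].lower()
            if any(frag in target for frag in RUN_KEY_FRAGMENTS):
                hit("Adds Run key to start application",
                    f"{ev['TargetObject']} = {ev.get('Details', '')}")
        elif eid == 23:
            # Self-deletion is usually delegated to cmd.exe after the dropper
            # exits, so match on the deleted path, not on the deleting process.
            if ev["TargetFilename"].lower() in executed:
                hit("Deletes itself",
                    f"pid {ev['ProcessId']} deleted executed image {ev['TargetFilename']}")
    return hits


if __name__ == "__main__":
    for name, evidence in detect(parse_events(SAMPLE_EVENTS)).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

Matching on lower-cased paths matters on Windows, where the file system is case-insensitive and tools report the same file with different casing. The self-deletion rule is a heuristic: it fires on any deletion of a path that previously ran, which also catches a legitimate installer removing its own temporary copy, so in production it belongs in a correlation that also weighs the Run key write and the dropped-DLL load from the same process tree.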
