General

  • Target

    0bbbe1efe098217272247250c83f5ec8d3c0b0dfb58a64f0e05f27e38bd966c4

  • Size

    35KB

  • Sample

    220212-jyxj6abean

  • MD5

    7f1fd2138daf8b177aea11358627db0c

  • SHA1

    c5cdf9db175a11a839da2c472d21bd6ca57aea43

  • SHA256

    0bbbe1efe098217272247250c83f5ec8d3c0b0dfb58a64f0e05f27e38bd966c4

  • SHA512

    dea9f6d11392dfb0b14a2bdb7f46e93d05f33dd8dbf97d6d2b40e29ccc15eb942f89cb5b675a3e604242f7aa556ca68dbbcefeaee5d2d373c984e08fdee78f04

Targets

    • Target

      0bbbe1efe098217272247250c83f5ec8d3c0b0dfb58a64f0e05f27e38bd966c4

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
