General

  • Target

    0bb0d23cb1a94d73f88d02bbeaad9ce0c7d95f64e2ac0e353293b94927d02557

  • Size

    89KB

  • Sample

    220212-jzhgmahhd5

  • MD5

    a1957452a61bcb4895267810b68e2376

  • SHA1

    ea53ec8da1b7597e48454c2c1bb276104c1f4c68

  • SHA256

    0bb0d23cb1a94d73f88d02bbeaad9ce0c7d95f64e2ac0e353293b94927d02557

  • SHA512

    71e0d1c1d7a06748c2401e97c4907b67c7cf752b86e680ad50872dd1960b15d5ad199b29225b1ba887eafe88096aa0a1707d59ca43b9d9c93606fb9435baa00a

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry; this is likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks