General

  • Target

    0baf013658e1b4986674bd4d1589248df172ea64ac0796423b7b5b2dafa86d79

  • Size

    99KB

  • Sample

    220212-jzpkyahhd8

  • MD5

    4f09c748222d20ef9f4a1b56c8765961

  • SHA1

    980613af32f4a4aaa57fc67c2829084db229b772

  • SHA256

    0baf013658e1b4986674bd4d1589248df172ea64ac0796423b7b5b2dafa86d79

  • SHA512

    db23a60addc9d5b04718b8bd485874e8c17295abdc8df8a2eb282a6b5d26c62c8875adc6c6f141e157e1a25f6f5042a2b74ea3fb1f0d7be711c2dad8668ae305

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
