General

  • Target

    0a9408f4e114df416240ca346b217893fda3a2de65854f33e1f77d7060c007fa

  • Size

    216KB

  • Sample

    220212-k73m7saeb5

  • MD5

    e47817dc4f644a4d01a409b56aa32784

  • SHA1

    dacf30e617f62393fdf4e8d8b9ebb2e823f90d7c

  • SHA256

    0a9408f4e114df416240ca346b217893fda3a2de65854f33e1f77d7060c007fa

  • SHA512

    2d653502b6b11a6f812338ea64a1277b51db1b397f6e16eb4f112da151cebbd92beac210fd52019834bcee666ea36f3d4fcfc63425dcc886b84cc41e66d5d6dc

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks