Overview

overview

10

Static

static

10

0b279149b9...91.exe

windows7_x64

10

0b279149b9...91.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0b279149b9bbb72640c5263dfcff07db7bba7c3017759d67716d3257c372ab91

  • Size

    80KB

  • Sample

    220212-kar57sbfdk

  • MD5

    1b2f8f6d930b88622f2b15dc876483d2

  • SHA1

    5168e25d26db7688bef6c8c7637f145b5bfba4d5

  • SHA256

    0b279149b9bbb72640c5263dfcff07db7bba7c3017759d67716d3257c372ab91

  • SHA512

    3640a4f4b2d18e5423fc9b2436f0373775438ccdf7c4f7dc7a76be38860318ab239c5e2427e81017e922cbf938bf08e2fa83699a949113fca7f539f29dc2ad0f

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      0b279149b9bbb72640c5263dfcff07db7bba7c3017759d67716d3257c372ab91

    • Size

      80KB

    • MD5

      1b2f8f6d930b88622f2b15dc876483d2

    • SHA1

      5168e25d26db7688bef6c8c7637f145b5bfba4d5

    • SHA256

      0b279149b9bbb72640c5263dfcff07db7bba7c3017759d67716d3257c372ab91

    • SHA512

      3640a4f4b2d18e5423fc9b2436f0373775438ccdf7c4f7dc7a76be38860318ab239c5e2427e81017e922cbf938bf08e2fa83699a949113fca7f539f29dc2ad0f

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks