General

  • Target

    0b08fb812a39ec9ece2c5726a11978f36e6ef7af1ca892c6361a24473894daf0

  • Size

    36KB

  • Sample

    220212-kb6pzsaag8

  • MD5

    3093ab14413fe8c4fff07cefa606ee60

  • SHA1

    e737188fbbd11fc11d6c7bc61946115db28dc72c

  • SHA256

    0b08fb812a39ec9ece2c5726a11978f36e6ef7af1ca892c6361a24473894daf0

  • SHA512

    8f98886f38c8101700727ded5009799a7c99277dc053cddf8323fd8f41baa25edb4c69c86f589ce21a4f13722ab58634e722b398be5607d668e0d7750f25a17e

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
