General

  • Target

    0b157aa12e10331cc9d9e5fec96eebb195fd0e2cbd1195a50953193d61c99e43

  • Size

    80KB

  • Sample

    220212-kbf5bsbfek

  • MD5

    b4c87a3b0ba0bccf206b48f178b59c25

  • SHA1

    6286c1a04dea66cfdb733b0ed3515bc23af78105

  • SHA256

    0b157aa12e10331cc9d9e5fec96eebb195fd0e2cbd1195a50953193d61c99e43

  • SHA512

    ce7f70324c31feba038367c9c89bc43aa24b1dde9e5ab7924ca70613900554481b68e894315553fbc6c4eff4d4562caedfef158cf2fd2052071668dd10304e62

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check before the payload runs.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
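The signature hits above describe five host behaviours (registry location lookup, Run key persistence, execution of a dropped EXE, loading of a dropped DLL, self-deletion via a command shell) without showing what they look like in telemetry. The following is an added example, not part of the sandbox report and not code from the analysed sample: a small Python classifier that walks constructed process/registry/file events and raises the same five behaviour names. The event format, all file paths (sample.exe, MediaCenter.exe, helper.dll) and the registry values matched for the location check (Geo\Nation, sCountry, Locale) are assumptions for illustration; the report itself only states that a country code is read from the registry.

```python
import re
from collections import defaultdict

# Constructed telemetry (not from the report): "operation|process|target|detail",
# one event per line, modelled on the behaviours the sandbox flagged. All paths
# and file names here are hypothetical.
SAMPLE_EVENTS = r"""
FileCreate|C:\Users\user\AppData\Local\Temp\sample.exe|C:\ProgramData\Media\MediaCenter.exe|
FileCreate|C:\Users\user\AppData\Local\Temp\sample.exe|C:\ProgramData\Media\helper.dll|
RegQueryValue|C:\Users\user\AppData\Local\Temp\sample.exe|HKCU\Control Panel\International\Geo\Nation|
RegSetValue|C:\Users\user\AppData\Local\Temp\sample.exe|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MicroMedia|C:\ProgramData\Media\MediaCenter.exe
ProcessCreate|C:\Users\user\AppData\Local\Temp\sample.exe|C:\ProgramData\Media\MediaCenter.exe|
ImageLoad|C:\ProgramData\Media\MediaCenter.exe|C:\ProgramData\Media\helper.dll|
ProcessCreate|C:\Users\user\AppData\Local\Temp\sample.exe|C:\Windows\System32\cmd.exe|cmd /c ping 127.0.0.1 -n 3 & del "C:\Users\user\AppData\Local\Temp\sample.exe"
ProcessCreate|C:\Windows\explorer.exe|C:\Program Files\Notepad++\notepad++.exe|
"""

# Registry values that hold the configured country/locale. Which of these the
# real sample reads is an assumption; the report only says "country code".
LOCATION_KEYS = re.compile(
    r"\\Control Panel\\International\\(Geo\\Nation|sCountry|LocaleName|Locale)$", re.I)
# Per-user and per-machine autostart keys.
RUN_KEYS = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# A shell "del" command is the classic self-removal primitive.
SELF_DELETE = re.compile(r"\bdel\b", re.I)


def parse_events(text):
    """Split the pipe-delimited constructed log into event dicts."""
    events = []
    for line in text.strip().splitlines():
        op, proc, target, detail = line.split("|", 3)
        events.append({"op": op, "proc": proc, "target": target, "detail": detail})
    return events


def classify(events):
    """Map events to the behaviour names used in the report.

    Returns {behaviour_name: [evidence, ...]} for behaviours that fired.
    """
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths written during the run

    for e in events:
        op, proc, target, detail = e["op"], e["proc"], e["target"], e["detail"]
        if op == "FileCreate":
            dropped.add(target.lower())
        elif op == "RegQueryValue" and LOCATION_KEYS.search(target):
            hits["checks_computer_location_settings"].append(target)
        elif op == "RegSetValue" and RUN_KEYS.search(target):
            hits["adds_run_key"].append(f"{target} = {detail}")
        elif op == "ProcessCreate":
            # Execution of a file the sample itself wrote earlier.
            if target.lower() in dropped:
                hits["executes_dropped_exe"].append(target)
            # cmd.exe deleting the parent's own image path.
            if (target.lower().endswith("\\cmd.exe")
                    and SELF_DELETE.search(detail)
                    and proc.lower() in detail.lower()):
                hits["deletes_itself"].append(detail)
        elif op == "ImageLoad" and target.lower() in dropped:
            hits["loads_dropped_dll"].append(target)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in classify(parse_events(SAMPLE_EVENTS)).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The "dropped" set is what ties the last three behaviours together: execution and image-load events only count when the path was written earlier in the same trace, which is why the unrelated Notepad++ launch by explorer.exe in the constructed log produces no hit.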
