General

  • Target

    0b029f3025aeb0a732754dfeb88a1e40f263acc27b6c9f1c05ef557f7eaca683

  • Size

    60KB

  • Sample

    220212-kc6flsbfgk

  • MD5

    4338e036c621d2632da45342118c53ef

  • SHA1

    fca7ad48e699c36e624017e1eec2d92ae8ecfce2

  • SHA256

    0b029f3025aeb0a732754dfeb88a1e40f263acc27b6c9f1c05ef557f7eaca683

  • SHA512

    4be469095d78a7e0134562e89ef3a4bc3de6e90d0adcebc94c6b4a42d8a557297035922dbe202b993b63682236c7601b9cae7e153ac2a0b0edcc100c539f3173

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
