General

  • Target

    0a613ef0bf7357fe8dbeacf02e00bc32f04017c38e0704cc75b6e9046f3ce4c0

  • Size

    36KB

  • Sample

    220212-lawn3acbel

  • MD5

    a81980fdf30e9eb8536c3f97a9c6b7eb

  • SHA1

    6efd94fcbaff23c7219ebaa6ee4fb61fe0491021

  • SHA256

    0a613ef0bf7357fe8dbeacf02e00bc32f04017c38e0704cc75b6e9046f3ce4c0

  • SHA512

    ca3e536315880d46e78cdb1be36ae0e67798a55384b8242d60877ca2563a37f51f6709e18cbc52f67c7012a52688132ce26b822a781e4fccd6060303ed78296f

Targets

    • Target

      0a613ef0bf7357fe8dbeacf02e00bc32f04017c38e0704cc75b6e9046f3ce4c0

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
