General

  • Target

    0a43a158bccd20a4664fdadd93b4f227de7b416477edf4f14172515205f61bbd

  • Size

    35KB

  • Sample

    220212-lb8p1saee8

  • MD5

    38adc97e5679cfe0cee877853b9db756

  • SHA1

    170b1c65028b62a6b34f8be2bec6d61dd9cb0580

  • SHA256

    0a43a158bccd20a4664fdadd93b4f227de7b416477edf4f14172515205f61bbd

  • SHA512

    71be28083d7c7473caccbba8c4b628ef35c2039e6898d76fde9679ac869ca84d2b420411fb0a6b99e9123bc9cf55d1133fbda3fdeef1aa1f52ce1416bbea6317

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks