Overview

overview

10

Static

static

0a07f1f069...12.exe

windows7_x64

10

0a07f1f069...12.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0a07f1f0695ffe39bd18c039d2d7a5e079eeee2da802970d5986b9f474c94312

  • Size

    36KB

  • Sample

    220212-le6ptscbhr

  • MD5

    2fecdd885be6545b3f38ebeb66026edb

  • SHA1

    8a6f07fa7d551b56259495c75b60b1a779ab76df

  • SHA256

    0a07f1f0695ffe39bd18c039d2d7a5e079eeee2da802970d5986b9f474c94312

  • SHA512

    18e8a8673cfabf36260445a9ed36f9330ff15675dc1a9e29fc312df5efb13b03745e97f0ce7760428a71b6af6ef6c4194b971f9f238ded72c95abd4453b867e8

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      0a07f1f0695ffe39bd18c039d2d7a5e079eeee2da802970d5986b9f474c94312

    • Size

      36KB

    • MD5

      2fecdd885be6545b3f38ebeb66026edb

    • SHA1

      8a6f07fa7d551b56259495c75b60b1a779ab76df

    • SHA256

      0a07f1f0695ffe39bd18c039d2d7a5e079eeee2da802970d5986b9f474c94312

    • SHA512

      18e8a8673cfabf36260445a9ed36f9330ff15675dc1a9e29fc312df5efb13b03745e97f0ce7760428a71b6af6ef6c4194b971f9f238ded72c95abd4453b867e8

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks