General

  • Target

    09b1ea4337c445e072144aad9547b0f058090299c03da26456854362451b21e5

  • Size

    99KB

  • Sample

    220212-lh8zcsafe4

  • MD5

    4e25720731ad58d631c5434164ed179a

  • SHA1

    19b3ca765f05058ae85830f935bad559c3eb4328

  • SHA256

    09b1ea4337c445e072144aad9547b0f058090299c03da26456854362451b21e5

  • SHA512

    ffbc28e733775e4e5fb35308923de7039a1d95605ff3935163026f6d9ae3f5868e567da04bba9a161011c56c79d45fe1327ed6228284bb74fe993473c9da0813

Malware Config

Targets

    • Target

      09b1ea4337c445e072144aad9547b0f058090299c03da26456854362451b21e5

    • Sakula

      Sakula is a Windows remote access trojan; the entries that follow are the behaviours this sandbox run observed for the sample.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that makes the payload's behaviour depend on the victim's locale.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

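A small triage helper, added here as an example and not part of the tria.ge report or of any Sakula analysis, that does two things an analyst wants after reading the list above: confirm that a local file really is the sample this page describes (all four report hashes must match), and scan a registry API trace for the two registry behaviours the sandbox flagged, the Run key persistence and the country-code lookup. The tab-separated trace format, the process ID, the `Updater` value name and the `Geo\Nation` / `iCountry` value paths are assumptions for the illustration; the sample lines are constructed, not taken from this run.

```python
"""Triage helper for the sample on this page (added example, not tria.ge code)."""
import hashlib
import re
import sys

# Hashes exactly as listed in the report above.
REPORT_HASHES = {
    "md5": "4e25720731ad58d631c5434164ed179a",
    "sha1": "19b3ca765f05058ae85830f935bad559c3eb4328",
    "sha256": "09b1ea4337c445e072144aad9547b0f058090299c03da26456854362451b21e5",
    "sha512": "ffbc28e733775e4e5fb35308923de7039a1d95605ff3935163026f6d9ae3f586"
              "8e567da04bba9a161011c56c79d45fe1327ed6228284bb74fe993473c9da0813",
}


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by hashlib algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def verify_hashes(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: True/False}; the file is the reported sample only if all are True."""
    actual = hash_bytes(data)
    return {name: actual[name] == expected[name].lower() for name in expected}


# Value written under a Run/RunOnce key: the "Adds Run key" signature.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# Registry values holding the configured country (assumed paths for this example):
# the "Checks computer location settings" signature.
GEO_RE = re.compile(r"\\Control Panel\\International\\(Geo\\Nation|iCountry|sCountry)$", re.I)


def find_registry_behaviours(trace_lines) -> list:
    """Scan trace lines of the form 'pid<TAB>op<TAB>path<TAB>data' (assumed format).

    Returns one dict per hit with the behaviour name, pid, path and data.
    """
    hits = []
    for line in trace_lines:
        parts = line.rstrip("\n").split("\t", 3)
        if len(parts) < 3:
            continue  # malformed or blank line
        pid, op, path = parts[0], parts[1].lower(), parts[2]
        data = parts[3] if len(parts) == 4 else ""
        if op in ("write", "create") and RUN_KEY_RE.search(path):
            hits.append({"behaviour": "run_key_persistence", "pid": pid, "path": path, "data": data})
        elif op == "read" and GEO_RE.search(path):
            hits.append({"behaviour": "location_check", "pid": pid, "path": path, "data": data})
    return hits


# Constructed trace: one persistence write, one geofence read, two benign events.
SAMPLE_TRACE = [
    "\t".join(["2248", "write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
               r"C:\Users\user\AppData\Roaming\Updater\update.exe"]),
    "\t".join(["2248", "read", r"HKCU\Control Panel\International\Geo\Nation", "244"]),
    "\t".join(["2248", "read", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName",
               "Windows 7 Ultimate"]),
    "\t".join(["2248", "write", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\a",
               "cmd"]),
]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            result = verify_hashes(fh.read())
        print("sample matches report:", all(result.values()), result)
    for hit in find_registry_behaviours(SAMPLE_TRACE):
        print(f"{hit['behaviour']:22} pid={hit['pid']} {hit['path']} -> {hit['data']}")
```

Run it with the sample's path as the only argument to check the hashes; with no argument it only scans the constructed trace. The `RunMRU` line is there deliberately: a naive substring match on `\Run` would flag Explorer's run-dialog history as persistence, so the pattern anchors on `CurrentVersion\Run` or `RunOnce` followed by exactly one value name.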
MITRE ATT&CK Enterprise v6

Tasks