General

  • Target

    09ca708473e1c9b4c29e68771ff968a0b00e0501483e40a0aaa66608d3d86c74

  • Size

    60KB

  • Sample

    220212-lhe2aaafd4

  • MD5

    e5916f9de503cc462052bd7b01302c7d

  • SHA1

    0cebc61c1471a0446abfd3499af939357bc95cc5

  • SHA256

    09ca708473e1c9b4c29e68771ff968a0b00e0501483e40a0aaa66608d3d86c74

  • SHA512

    c8cc94ec63d634993f7f8a2260995996112804db78ce52e5a3264bf0b218c5f62be9f58fe2d03b1cd79c7575c30f48b077562058c3e7cccfd3cca8a0da426f71

Malware Config

Targets

    • Target

      09ca708473e1c9b4c29e68771ff968a0b00e0501483e40a0aaa66608d3d86c74

    • Size

      60KB

    • MD5

      e5916f9de503cc462052bd7b01302c7d

    • SHA1

      0cebc61c1471a0446abfd3499af939357bc95cc5

    • SHA256

      09ca708473e1c9b4c29e68771ff968a0b00e0501483e40a0aaa66608d3d86c74

    • SHA512

      c8cc94ec63d634993f7f8a2260995996112804db78ce52e5a3264bf0b218c5f62be9f58fe2d03b1cd79c7575c30f48b077562058c3e7cccfd3cca8a0da426f71

    • Sakula

      Sakula (also tracked as Sakurel and VIPER) is a remote access trojan used in targeted intrusions; it can run commands on the infected host and download and execute additional payloads.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry (the Windows location setting under HKCU\Control Panel\International\Geo), most likely to geofence execution to or away from particular countries.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
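
The behaviours listed above are what a sandbox derives from the sample's API trace. As an added example (not code from the sandbox or from this report), the block below re-derives the same five signature names from a constructed, simplified trace: dropped files are tracked from file writes, and later process creation, image loads, registry queries of the Geo key, Run-key writes and deletion of the sample's own path are mapped to the signature they correspond to. The event format, paths and file names are assumptions; the registry locations are the standard Windows ones.

```python
"""Re-derive the report's behaviour signatures from a constructed API trace.

Added example, not part of the sandbox report.  The event dictionaries are an
assumed, simplified trace format; SAMPLE_PATH and the dropped file names are
invented for the demonstration.
"""
import re

# Assumed on-disk location of the submitted sample (constructed).
SAMPLE_PATH = r"C:\Users\u\AppData\Local\Temp\sample.exe"
TEMP = r"C:\Users\u\AppData\Local\Temp"

# Constructed events, not the real sample's trace.
SAMPLE_EVENTS = [
    {"type": "file_write", "pid": 1, "image": SAMPLE_PATH,
     "target": TEMP + r"\svchost32.exe"},
    {"type": "file_write", "pid": 1, "image": SAMPLE_PATH,
     "target": TEMP + r"\helper.dll"},
    # Reading the configured country (GeoID) from the registry.
    {"type": "reg_query", "pid": 1, "image": SAMPLE_PATH,
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "process_create", "pid": 2, "image": TEMP + r"\svchost32.exe",
     "parent": SAMPLE_PATH, "cmdline": '"' + TEMP + r'\svchost32.exe"'},
    {"type": "image_load", "pid": 2, "image": TEMP + r"\svchost32.exe",
     "module": TEMP + r"\helper.dll"},
    # Logon persistence through the per-user Run key.
    {"type": "reg_set", "pid": 2, "image": TEMP + r"\svchost32.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svchost32", "data": TEMP + r"\svchost32.exe"},
    # Common self-delete pattern: a cmd.exe child removes the original file.
    {"type": "process_create", "pid": 3, "image": r"C:\Windows\System32\cmd.exe",
     "parent": SAMPLE_PATH,
     "cmdline": 'cmd /c ping 127.0.0.1 -n 3 & del "' + SAMPLE_PATH + '"'},
    {"type": "file_delete", "pid": 3, "image": r"C:\Windows\System32\cmd.exe",
     "target": SAMPLE_PATH},
]

# Standard Windows registry locations for the location setting and Run keys.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.IGNORECASE)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$",
                     re.IGNORECASE)


def match_signatures(events, sample_path):
    """Return the signature names triggered by a trace, in first-hit order."""
    dropped = set()   # paths written by any process in the trace, lower-cased
    hits = []

    def hit(name):
        if name not in hits:
            hits.append(name)

    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["target"].lower())
        elif kind == "process_create" and ev["image"].lower() in dropped:
            hit("Executes dropped EXE")
        elif kind == "image_load" and ev["module"].lower() in dropped:
            hit("Loads dropped DLL")
        elif (kind == "reg_query" and GEO_KEY.search(ev["key"])
              and ev.get("value", "").lower() == "nation"):
            hit("Checks computer location settings")
        elif kind == "reg_set" and RUN_KEY.search(ev["key"]):
            hit("Adds Run key to start application")
        elif kind == "file_delete" and ev["target"].lower() == sample_path.lower():
            # Counts whether the sample or a child (e.g. cmd.exe) removes it.
            hit("Deletes itself")
    return hits


if __name__ == "__main__":
    for name in match_signatures(SAMPLE_EVENTS, SAMPLE_PATH):
        print(name)
```

Matching on the dropped-file set rather than on fixed names is what makes "Executes dropped EXE" and "Loads dropped DLL" hold up when the sample chooses random file names; the Geo check requires the `Nation` value specifically, so unrelated reads of `Control Panel\International` do not trigger it.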

MITRE ATT&CK Enterprise v6

Tasks