General

  • Target

    0914eb6a2c82d84b007d46546cf0c6c6b2469c649f8211063a9788975a690d03

  • Size

    99KB

  • Sample

    220212-lrs99scddq

  • MD5

    437ba52f4638aef000ee5027e6edf1ab

  • SHA1

    c9835ba1565b1ee19f9cfb2cd674c9c5a1abe2fc

  • SHA256

    0914eb6a2c82d84b007d46546cf0c6c6b2469c649f8211063a9788975a690d03

  • SHA512

    06529d56b7e4311b31a60db428e4916b381bbebb079e30dc7ff4d3671024af07438214f6c4ea46c52ae45bc5ee2f0611fae13ae2d95dac14825cdae6f484371c

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
