General

  • Target

    0897663da6e6037b56d1190d47937b553fa0dbada9f08cfe575042a41f56c2de

  • Size

    60KB

  • Sample

    220212-lx88nscebl

  • MD5

    85ee408eed563c22639ec21c657306d5

  • SHA1

    12b303f754da94611d723d6821dbbf5df2320568

  • SHA256

    0897663da6e6037b56d1190d47937b553fa0dbada9f08cfe575042a41f56c2de

  • SHA512

    2aaaf4701ed94281cb4262c730b4d33180bd84af234cc7c35cd4c89a2967a64e33aab92017be2f9d9c58797d4670c7590717ea357a382941fd83d1c39f8d8491

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
