General

  • Target

    06bc00c52e6f2870dd80f57caea967208eeb3fbbe97ac333842de32f2efc71fb

  • Size

    89KB

  • Sample

    220212-mnh6kabcd9

  • MD5

    7c0931e2b7476ab95ac529d2ecc18072

  • SHA1

    920052e9cf121c69b6f9c3a5a3fb843b917f8180

  • SHA256

    06bc00c52e6f2870dd80f57caea967208eeb3fbbe97ac333842de32f2efc71fb

  • SHA512

    31566d5fd35a1df3bda6daa19e116628ac57a96bc4a7993b2240f7ec963e9d5eff6d6fe03db06dcb877e775ab8abe916138183b063bc311e973c43f42fa0ff3f

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks