General

  • Target

    0697cae08cc130e2272992f2817e4f34590fd13d8caebb8ca38951998b4238b9

  • Size

    104KB

  • Sample

    220212-mpws2schhj

  • MD5

    dff5e77b0cf6b2205fba070eba8fdace

  • SHA1

    4b0aa4159769fb681dfdf06160d79eb3dbef2ee0

  • SHA256

    0697cae08cc130e2272992f2817e4f34590fd13d8caebb8ca38951998b4238b9

  • SHA512

    7fd39cb392a0d306b4888916b305ce4f0de87c8231f15d1328070e163e46b759429e65bd52f25929e1a08c99d4ce677ada468ea98b188c8b77bf6b5af72f3a2d

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan (RAT) with a range of capabilities; the signature below indicates the sandbox matched its payload in this sample.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the malware can refuse to run in certain countries.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
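
The five behavioural signatures above (executes dropped EXE, loads dropped DLL, adds Run key, checks location settings, deletes itself) can be reproduced as simple rules over process, file and registry telemetry. The block below is an added example, not code from the sandbox or from this report: the records it runs over are constructed and simplified (loosely modelled on Sysmon event IDs 1, 7, 11 and 13, plus a sandbox-style API record, because Sysmon does not log registry reads), and the `Control Panel\International\Geo\Nation` value used for the location check is an assumption about which key the signature matches, not something the report states.

```python
"""Rule-based triage of the behaviours listed in the sandbox report.

Added example: event records below are constructed for illustration, not
exported from the sandbox run, and the field names are a simplified shape
loosely modelled on Sysmon (1 process create, 7 image load, 11 file create,
13 registry value set) plus an "api" record for registry reads.
"""
import re
from collections import defaultdict

TMP = r"C:\Users\user\AppData\Local\Temp"
ROAM = r"C:\Users\user\AppData\Roaming"

# Constructed sample trace (not real sandbox output). Order matters: a file has
# to be written before a later execute/load of it counts as "dropped".
SAMPLE_EVENTS = [
    {"id": 1, "image": TMP + r"\sample.exe", "parent": r"C:\Windows\explorer.exe",
     "cmd": TMP + r"\sample.exe"},
    # Registry read of the country code (key path is an assumption, see lead-in).
    {"id": "api", "image": TMP + r"\sample.exe", "api": "RegQueryValueExW",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"id": 11, "image": TMP + r"\sample.exe", "target": ROAM + r"\dropped.exe"},
    {"id": 11, "image": TMP + r"\sample.exe", "target": ROAM + r"\helper.dll"},
    {"id": 1, "image": ROAM + r"\dropped.exe", "parent": TMP + r"\sample.exe",
     "cmd": ROAM + r"\dropped.exe"},
    {"id": 7, "image": ROAM + r"\dropped.exe", "loaded": ROAM + r"\helper.dll"},
    {"id": 13, "image": ROAM + r"\dropped.exe",
     "target": r"HKU\S-1-5-21-1234\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": ROAM + r"\dropped.exe"},
    # Classic self-delete: the sample spawns cmd.exe to delete its own image.
    {"id": 1, "image": r"C:\Windows\System32\cmd.exe", "parent": TMP + r"\sample.exe",
     "cmd": 'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "' + TMP + r'\sample.exe"'},
]

# Run and RunOnce keys under HKLM or HKU/HKCU (any hive prefix).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Assumed location key queried by the "Checks computer location settings" signature.
GEO_KEY = re.compile(r"\\International\\Geo\\Nation$", re.I)
# `del <path>` or `del "<path>"` anywhere in a command line, path up to the next & or |.
DEL_CMD = re.compile(r'\bdel\b\s+"?([^"&|]+?)"?\s*(?:$|&|\|)', re.I)


def _norm(path):
    """Case-insensitive comparison key for Windows paths."""
    return path.strip().strip('"').lower()


def analyse(events):
    """Return {signature name: [evidence, ...]} for the signatures that fired."""
    hits = defaultdict(list)
    dropped = set()  # files written so far by any process in the trace
    for ev in events:
        kind = ev["id"]
        if kind == 11:
            dropped.add(_norm(ev["target"]))
        elif kind == 1:
            if _norm(ev["image"]) in dropped:
                hits["Executes dropped EXE"].append(ev["image"])
            m = DEL_CMD.search(ev["cmd"])
            # Self-delete: a child process is told to delete its parent's image.
            if m and _norm(m.group(1)) == _norm(ev["parent"]):
                hits["Deletes itself"].append(ev["cmd"])
        elif kind == 7:
            if _norm(ev["loaded"]) in dropped:
                hits["Loads dropped DLL"].append(ev["loaded"])
        elif kind == 13:
            if RUN_KEY.search(ev["target"]):
                hits["Adds Run key to start application"].append(
                    f"{ev['target']} = {ev['details']}")
        elif kind == "api":
            if ev["api"].startswith("RegQueryValueEx") and GEO_KEY.search(ev["key"]):
                hits["Checks computer location settings"].append(ev["key"])
    return dict(hits)


def triggered(events):
    """Sorted list of signature names that fired, for a quick verdict line."""
    return sorted(analyse(events))


if __name__ == "__main__":
    for name, evidence in analyse(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for item in evidence:
            print(f"      {item}")
```

The "dropped" test is deliberately trace-wide rather than per-process, because the report shows one binary writing the payload and a different one executing and loading it; a per-process check would miss the hand-off. The self-delete rule only covers the `cmd /c ... del` pattern, so a sample that deletes itself via a different mechanism (for example a delayed MoveFileEx or a batch file) would need an additional rule.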

MITRE ATT&CK Enterprise v6

Tasks