General

  • Target

    0618b37bbf9e55448a70d3d42aa0ec3e6afcdcf5ef6d346e5b0d47e490c74e6f

  • Size

    191KB

  • Sample

    220212-mv3tjsbdc5

  • MD5

    982285accf179a43f3ac099998d3acd1

  • SHA1

    800025ea92e4705d67165251355b0578d7747961

  • SHA256

    0618b37bbf9e55448a70d3d42aa0ec3e6afcdcf5ef6d346e5b0d47e490c74e6f

  • SHA512

    00758e0ece5fc2f01b7a27ddeab59107a5b8468ed7118949d0049907410fceb00b2f2f00e577e7f824b8735604305ed7ac2b2e223cfb9f069ac8de9ca577475d

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks