General

  • Target

    02ede0dc609a5719fc615a1c1fa55c69b8e7167519dcfa05c6dbf7a793a62201

  • Size

    92KB

  • Sample

    220212-n39shacab2

  • MD5

    6b3fedf95df89f79c5621c6dcb83f633

  • SHA1

    9314d01d2f14b77bbe6535d66f91d01e505887c9

  • SHA256

    02ede0dc609a5719fc615a1c1fa55c69b8e7167519dcfa05c6dbf7a793a62201

  • SHA512

    885601540349b150e75c3d461324b3863624951102b1d3a0dc54d0c550c07dfdcb1efd83b74c8a0900ad380e9c672e82aab00ab2a14ab1293b07a27fdaf6c320

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks