General

  • Target

    02b6e3861548832f7abd986eaf19bfe5bfac3d76d2093b11d914e2d36f5b9c56

  • Size

    35KB

  • Sample

    220212-n61c8scae6

  • MD5

    27e4e50882757b307e72b2f0f9932597

  • SHA1

    7f40ee24411d0d5bd6fc638135e35cfb7199edcc

  • SHA256

    02b6e3861548832f7abd986eaf19bfe5bfac3d76d2093b11d914e2d36f5b9c56

  • SHA512

    3cd18038af9aaadb3fcc61413239394a729bd978601125a277100eb9f0413550b8b168443ba70ca616bb46277d5f0f7007f318cde43580f9c3ce0945128a10b4

Targets

    • Target

      02b6e3861548832f7abd986eaf19bfe5bfac3d76d2093b11d914e2d36f5b9c56

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
