General

  • Target

    0298a76331d88af55b07e41c2e9110f6b72fc8b90632b0c2f23e89672c0f5d01

  • Size

    36KB

  • Sample

    220212-n7zs4adgcq

  • MD5

    a747cf626d15f5322a39bf82137f15d5

  • SHA1

    c1fa956c199676c451371b18315805e2effc93f1

  • SHA256

    0298a76331d88af55b07e41c2e9110f6b72fc8b90632b0c2f23e89672c0f5d01

  • SHA512

    f8ac31c060142240fc8bd106d2c9687ccb04f61a60d1441dbb079e96fdeb8205208724ff3270431b4b747fdffb418f463cee10230b1ac4160135ba41ab2b5375

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan (RAT); the sample matched the family signature for it.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check (behaviour may differ depending on the victim's locale).

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
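
The five behaviour verdicts above are the kind of thing a triage script can re-derive from a raw sandbox trace. The following Python matcher is an added example, not code from this report or from any sandbox; its event trace is constructed, the registry locations in COUNTRY_KEYS are an assumption about where a geofence check reads the locale (the report does not name the key the sample queried), and the `cmd.exe ... del` pattern is one common self-deletion idiom rather than something the report states this sample used.

```python
"""Behaviour-signature matcher for the verdicts listed in this report.

Added example, not sandbox code. EVENTS is a constructed trace shaped like a
sandbox behaviour log; COUNTRY_KEYS is an assumption about the registry
locations a geofence check reads (the report does not name the key).
"""
import re
from dataclasses import dataclass

# Common Windows locale/country locations (assumption, see module docstring).
COUNTRY_KEYS = (
    r"HKEY_CURRENT_USER\Control Panel\International",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\Locale",
)
# A value written directly under a Run or RunOnce key (not RunServices etc.).
RUN_VALUE_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
# cmd.exe-style self deletion: "... & del <path>" (assumed idiom).
DEL_RE = re.compile(r"(^|[\s&|])del\s", re.IGNORECASE)


@dataclass(frozen=True)
class Event:
    pid: int
    op: str      # reg_read | reg_write | file_write | file_delete | proc_create | dll_load
    target: str  # registry path, file path, or full command line
    image: str   # image path of the acting process


def _image_from_cmdline(cmdline):
    """First token of a command line, honouring a quoted executable path."""
    if cmdline.startswith('"'):
        return cmdline[1:].split('"', 1)[0]
    return cmdline.split(" ", 1)[0]


def match_signatures(sample_path, events):
    """Return {signature: [evidence, ...]} using the report's signature names."""
    sample = sample_path.lower()
    dropped = set()   # lower-cased paths written earlier in the trace
    hits = {}

    def hit(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for e in events:
        t = e.target
        tl = t.lower()
        if e.op == "file_write":
            dropped.add(tl)
        elif e.op == "reg_read" and tl.startswith(tuple(k.lower() for k in COUNTRY_KEYS)):
            hit("Checks computer location settings", t)
        elif e.op == "reg_write" and RUN_VALUE_RE.search(t):
            hit("Adds Run key to start application", t)
        elif e.op == "dll_load" and tl in dropped:
            hit("Loads dropped DLL", t)
        elif e.op == "file_delete" and tl == sample:
            hit("Deletes itself", t)
        elif e.op == "proc_create":
            image = _image_from_cmdline(tl)
            if image in dropped and image.endswith(".exe"):
                hit("Executes dropped EXE", t)
            if DEL_RE.search(tl) and sample in tl:
                hit("Deletes itself", t)
    return hits


# Constructed trace (not taken from the report for this sample).
SAMPLE = r"C:\Users\admin\AppData\Local\Temp\sample.exe"
DROP_DIR = r"C:\Users\admin\AppData\Local\Temp\Updater"
EVENTS = [
    Event(1200, "reg_read", r"HKEY_CURRENT_USER\Control Panel\International\LocaleName", SAMPLE),
    Event(1200, "file_write", DROP_DIR + r"\updater.exe", SAMPLE),
    Event(1200, "file_write", DROP_DIR + r"\helper.dll", SAMPLE),
    Event(1200, "reg_write", r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Updater", SAMPLE),
    Event(1200, "proc_create", '"' + DROP_DIR + r'\updater.exe"', SAMPLE),
    Event(1344, "dll_load", DROP_DIR + r"\helper.dll", DROP_DIR + r"\updater.exe"),
    Event(1200, "proc_create", 'cmd.exe /c ping 127.0.0.1 -n 3 & del "' + SAMPLE + '"', SAMPLE),
]

if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE, EVENTS).items():
        print(name)
        for item in evidence:
            print("    ", item)
```

The matcher keys "dropped" on files the trace wrote earlier, so "Executes dropped EXE" and "Loads dropped DLL" only fire for artefacts the sample itself created, and "Deletes itself" accepts either a direct delete of the sample path or a child command line that deletes it; a real sandbox additionally attributes events by process tree, which this example omits.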

MITRE ATT&CK Enterprise v6

Tasks