General

  • Target

    0399b6c34730e73535f71d4d8ad26e7455a281a1e51b785962c64d493e8d8eb2

  • Size

    92KB

  • Sample

    220212-nvjaksbhb7

  • MD5

    dc67af6023fd844421c1ed3a54dbfb84

  • SHA1

    a3a131657afb813b4da364eb3514ad7e15d43292

  • SHA256

    0399b6c34730e73535f71d4d8ad26e7455a281a1e51b785962c64d493e8d8eb2

  • SHA512

    3b347114376b74d975e9e226e365db0cbcdb12bb39ac5683496b3db6d5a837d643d69b6ab46d9a702ac53a79969a5aa829cd1423b9fdb3b13c4d6ba6714b03e7

Malware Config

Targets

    • Target

      0399b6c34730e73535f71d4d8ad26e7455a281a1e51b785962c64d493e8d8eb2

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry; this is most likely a geofence check, so the sample may behave differently (or not run at all) depending on the configured region.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
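
The signature list above is the sandbox's verdict, not something an analyst can re-run locally. The following is an added example, not code from the report or from the sandbox, that does two things a practitioner typically wants at this point: confirm a local copy of the sample against the digests in the report, and replay the five behaviour signatures (dropped-EXE execution, dropped-DLL load, registry country-code lookup, self-deletion, Run-key persistence) over an event trace. The event schema, the registry key names used for matching (`Control Panel\International\Geo\Nation`, `...\CurrentVersion\Run`) and the sample trace are assumptions made for illustration; the hashes are copied from the report.

```python
"""
Added example (not from the report or the sandbox): checks a file against
the report's digests and replays the listed behaviour signatures over a
constructed sandbox event trace. Event schema, registry key names and the
sample trace are assumptions made for illustration.
"""
import hashlib
import re

# Digests copied from the report above; used to confirm a local copy of the sample.
REPORT_HASHES = {
    "md5": "dc67af6023fd844421c1ed3a54dbfb84",
    "sha1": "a3a131657afb813b4da364eb3514ad7e15d43292",
    "sha256": "0399b6c34730e73535f71d4d8ad26e7455a281a1e51b785962c64d493e8d8eb2",
}

# Assumed key suffixes (lower-case, matched with endswith so the hive prefix
# does not matter). Geo\Nation holds the Windows GeoID the signature refers to.
RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
GEO_KEY_SUFFIXES = (
    r"\control panel\international\geo\nation",
    r"\control panel\international\locale",
)
EXEC_EXT = (".exe", ".scr", ".com")


def digests(data: bytes) -> dict:
    """MD5/SHA1/SHA256/SHA512 of a byte string, keyed like the report."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> bool:
    """True only if every digest listed in `expected` matches the data."""
    got = digests(data)
    return all(got[alg] == value for alg, value in expected.items())


def evaluate(events: list) -> set:
    """Return the set of report signature names triggered by an event trace.

    Events are dicts with an "op" field; see SAMPLE_EVENTS for the shape.
    """
    image_of = {}      # pid -> lower-cased image path of that process
    dropped = set()    # files written by any process in the trace
    hits = set()
    for ev in events:
        op = ev["op"]
        if op == "process_start":
            img = ev["image"].lower()
            image_of[ev["pid"]] = img
            if img in dropped and img.endswith(EXEC_EXT):
                hits.add("Executes dropped EXE")
            # Self-deletion via a child shell: `... & del "<parent image>"`.
            parent_img = image_of.get(ev.get("parent"))
            cmd = ev.get("cmdline", "").lower()
            if parent_img and re.search(r"\bdel\b", cmd) and parent_img in cmd:
                hits.add("Deletes itself")
        elif op == "file_write":
            dropped.add(ev["path"].lower())
        elif op == "file_delete":
            # Direct self-deletion: a process unlinking its own image.
            if ev["path"].lower() == image_of.get(ev["pid"]):
                hits.add("Deletes itself")
        elif op == "image_load":
            path = ev["path"].lower()
            if path in dropped and path.endswith(".dll"):
                hits.add("Loads dropped DLL")
        elif op == "reg_query":
            if ev["key"].lower().endswith(GEO_KEY_SUFFIXES):
                hits.add("Checks computer location settings")
        elif op == "reg_set":
            if ev["key"].lower().endswith(RUN_KEY_SUFFIXES):
                hits.add("Adds Run key to start application")
    return hits


# Constructed trace in the spirit of the report (not real sandbox output).
SAMPLE = r"C:\Users\victim\Downloads\sample.exe"
TEMP = r"C:\Users\victim\AppData\Local\Temp"
SAMPLE_EVENTS = [
    {"op": "process_start", "pid": 100, "parent": 1, "image": SAMPLE, "cmdline": SAMPLE},
    {"op": "reg_query", "pid": 100, "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"op": "file_write", "pid": 100, "path": TEMP + r"\svc.exe"},
    {"op": "file_write", "pid": 100, "path": TEMP + r"\helper.dll"},
    {"op": "process_start", "pid": 200, "parent": 100, "image": TEMP + r"\svc.exe", "cmdline": TEMP + r"\svc.exe"},
    {"op": "image_load", "pid": 200, "path": TEMP + r"\helper.dll"},
    {"op": "reg_set", "pid": 200, "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svc", "data": TEMP + r"\svc.exe"},
    {"op": "process_start", "pid": 300, "parent": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'cmd /c ping 127.0.0.1 -n 3 > nul & del "' + SAMPLE + '"'},
]

if __name__ == "__main__":
    for name in sorted(evaluate(SAMPLE_EVENTS)):
        print("hit:", name)
```

Two caveats when pointing this at real traces: registry keys logged under `HKEY_USERS\<SID>\...` still match because only the key suffix is compared, and the self-deletion check only recognises the `del` shell idiom and a direct unlink of the process's own image; other patterns (a dropped batch file, `MoveFileEx` with delay-until-reboot) would need their own rules.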

MITRE ATT&CK Enterprise v6

Tasks