General

  • Target

    1308007d10a9f7355702dda5491611a049cf126044f12bf5df7d950f57418335

  • Size

    101KB

  • Sample

    220212-f1g1psaacr

  • MD5

    6d6634ec6b24447516df42bb2f76eca1

  • SHA1

    21be39ede415b9506709a28693e1e38a784f91aa

  • SHA256

    1308007d10a9f7355702dda5491611a049cf126044f12bf5df7d950f57418335

  • SHA512

    9cd0eed3387d417895de18d910d92e33dd9f56aff70b49cb9d5c641612f699cb230d755a7e3cb317f38911c5ce9cb04c34cc76cec519b600acfc923313cc6615

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks