General

  • Target

    12fe88b0a1f257aa0f5d14b65601a3d6bdb5bd9aa5159d1941957e75b836f949

  • Size

    212KB

  • Sample

    220212-f1yy8agdf2

  • MD5

    ccdd1b7c7013f7e35f8115bddff6f94d

  • SHA1

    475ee37fb0161fa1248c7e17909e176208a6cb03

  • SHA256

    12fe88b0a1f257aa0f5d14b65601a3d6bdb5bd9aa5159d1941957e75b836f949

  • SHA512

    fbc301e61a565e2b09af08a97c4fd28c529e6cda56427fa734a6cf59ae7029e8f0a37bbdb9385e504ab09a18b4839353c20191997f05ba3a6f2ae4a4afba8382

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
