General

  • Target

    12f2635d309b94ed643e3dab26c02b721635a3cf3c0e7af882a0d1d49760bcdd

  • Size

    58KB

  • Sample

    220212-f2elzagdf4

  • MD5

    92ed576b13eab8a0cc285ff3bfd50299

  • SHA1

    354f0c46554eac8ba6bef7d369d07c053f16bb94

  • SHA256

    12f2635d309b94ed643e3dab26c02b721635a3cf3c0e7af882a0d1d49760bcdd

  • SHA512

    8e876c49b017b5bd69bbfb893840a44a06d8356d1e5e21daa816ef5e5b99e1ad762be081ab3d3728c39d54321c3abfd0adcd65a29aff0d52f405620ee2cf6bc9

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
