General

  • Target

    12d15aa0db20ad029e11d28479fdd6b8a48cbf005e99499065e41cd110fc3156

  • Size

    60KB

  • Sample

    220212-f36rvagdh3

  • MD5

    f62382d705dfee7f41500537914ad13a

  • SHA1

    04ef0e1a7d3983b037b759c5953dc40a5d0eed9d

  • SHA256

    12d15aa0db20ad029e11d28479fdd6b8a48cbf005e99499065e41cd110fc3156

  • SHA512

    fb451b6ba915a0f54b94a287de4049bb3b94e300ff469a15528e071370c10f5b5dedbe27c07ee58bcf9f847a3b24db9a4c666bb590ce88b49b6d37e160b0e5b5

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
