General

  • Target

    12e17fb0751742399806cbd3872f937c44f1f6bd66c60bb118121b235488cda8

  • Size

    99KB

  • Sample

    220212-f3bxgaaaer

  • MD5

    c1f8fb725f931f958d44070155cb6e79

  • SHA1

    0d81fea7d6756301c78dbe7a9967b6e924b3766f

  • SHA256

    12e17fb0751742399806cbd3872f937c44f1f6bd66c60bb118121b235488cda8

  • SHA512

    6cec15a1928cf7c3c35aec337837c007066a6d84b5e69d3060a6b8fe304224c22c340d7ead4b65b9fb34ec9cd35c0a3a6fd68359e1ebf310abc4119a1310ea65

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks