General

  • Target

    12d2fa1ad35a8b21655dbed3c6ef74800ed4f06bbe40f2678b08c9490d723c1c

  • Size

    191KB

  • Sample

    220212-f3w8eaaafm

  • MD5

    c19533c447548f71ccc29c4b5d51e9fe

  • SHA1

    47260fd43fd9f0ac3d2c700d12fc22cda76145f1

  • SHA256

    12d2fa1ad35a8b21655dbed3c6ef74800ed4f06bbe40f2678b08c9490d723c1c

  • SHA512

    6c812291f8534220df125b64739ca10cf853aa853555e9b5e0f150144d472d8d494e9da8a77e8ef8071fcdc26c618ece81f0c616f0183f37c729680b853ad215

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks