General

  • Target

    12ca7bdcbd8548fb0f7b23795e962a2d98837384141fd35872eaf68d51f2d3a0

  • Size

    113KB

  • Sample

    220212-f4jzgagdh4

  • MD5

    5338eb0cefe069ccec1216e43b1b208d

  • SHA1

    6e309c27bd28a29a3a54222473e64f123d6a0825

  • SHA256

    12ca7bdcbd8548fb0f7b23795e962a2d98837384141fd35872eaf68d51f2d3a0

  • SHA512

    c9f9c82cd42feb6b50f8d4cd1b6740584271d81539d6e543d4a26a0a629808afadf327e0e3a14c7c10136d4d2404877e9d96b5d0352380e361c18848425256dd

Targets

    • Sakula

      Sakula (also tracked as Sakurel) is a Windows remote access trojan that gives an operator interactive control of the infected host; the behaviours listed below are the capabilities observed in this run.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Queries the country code configured in the registry (the Geo\Nation value under HKCU\Control Panel\International), which is most likely used as a geofence so the sample only runs in, or avoids, particular countries.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
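
The three host behaviours above (Run key persistence, the Geo\Nation lookup, and self-deletion) are things a defender can hunt for in endpoint telemetry. The script below is an added example written for this page, not code from the sandbox or from the Sakula report; it runs simple detection logic over a handful of constructed, Sysmon-like event records (registry SetValue/QueryValue events and a process-creation event). The event field names, the sample paths, and the `svc.exe` file name are assumptions for illustration; the registry locations are the standard Windows Run key and the locale Geo\Nation value.

```python
import re

# Constructed, hypothetical event records in a Sysmon-like shape (registry value
# writes/reads and a process creation). They are sample input for this example,
# not telemetry taken from the sandbox run described on the page.
SAMPLE_EVENTS = [
    {"type": "registry", "op": "SetValue",
     "image": r"C:\Users\victim\AppData\Local\Temp\svc.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "details": r"C:\Users\victim\AppData\Roaming\Updater\svc.exe"},
    {"type": "registry", "op": "QueryValue",
     "image": r"C:\Users\victim\AppData\Local\Temp\svc.exe",
     "target": r"HKU\S-1-5-21-1\Control Panel\International\Geo\Nation",
     "details": ""},
    {"type": "process",
     "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\Users\victim\AppData\Local\Temp\svc.exe",
     "cmdline": r'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del "C:\Users\victim\AppData\Local\Temp\svc.exe"'},
    # Benign noise: Explorer writing a UI setting must not trigger any signature.
    {"type": "registry", "op": "SetValue",
     "image": r"C:\Windows\explorer.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "details": "1"},
]

# Run / RunOnce value under any hive; the value name is the last path component.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
# The per-user locale setting that stores the configured country code.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
# cmd.exe built-ins used to remove a file.
DEL_RE = re.compile(r"\b(del|erase)\b", re.IGNORECASE)


def is_run_key_persistence(ev):
    """Write of a value under a Run/RunOnce key (ATT&CK T1547.001)."""
    return (ev.get("type") == "registry" and ev.get("op") == "SetValue"
            and bool(RUN_KEY_RE.search(ev.get("target", ""))))


def is_geo_lookup(ev):
    """Read of the configured country code, the behaviour behind the geofence signature."""
    return (ev.get("type") == "registry" and ev.get("op") in ("QueryValue", "ReadValue")
            and bool(GEO_KEY_RE.search(ev.get("target", ""))))


def is_self_delete(ev):
    """A child shell deleting its own parent's executable (the classic ping-then-del pattern)."""
    if ev.get("type") != "process":
        return False
    cmdline = ev.get("cmdline", "")
    parent = ev.get("parent_image", "")
    return bool(parent) and bool(DEL_RE.search(cmdline)) and parent.lower() in cmdline.lower()


SIGNATURES = (
    ("Adds Run key to start application", is_run_key_persistence),
    ("Checks computer location settings", is_geo_lookup),
    ("Deletes itself", is_self_delete),
)


def scan(events):
    """Return one hit per (event, signature) match, attributing self-deletion to the parent."""
    hits = []
    for ev in events:
        for name, check in SIGNATURES:
            if check(ev):
                actor = ev.get("parent_image") if check is is_self_delete else ev.get("image")
                hits.append({"signature": name, "image": actor, "evidence": ev.get("target") or ev.get("cmdline")})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(f"[{hit['signature']}] {hit['image']}  <-  {hit['evidence']}")
```

The self-deletion check keys on the parent image appearing inside a `del`/`erase` command line, because the dropper itself never issues the delete; it spawns `cmd.exe` and exits, which is why the hit is attributed to `parent_image` rather than to the shell. The Run key regex deliberately anchors on the value name so that writes to unrelated keys under `CurrentVersion` (such as the Explorer setting in the noise record) do not fire.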
