General

  • Target

    12c353889963abbf4a1052cc11dc31a6f9f44c7002cf91589dc1602890f0cfeb

  • Size

    216KB

  • Sample

    220212-f4ygvsgdh9

  • MD5

    73f83fc899661534d68c373d485b532c

  • SHA1

    4d8633030e3e9d46a51aad43e73e3a40d8774d46

  • SHA256

    12c353889963abbf4a1052cc11dc31a6f9f44c7002cf91589dc1602890f0cfeb

  • SHA512

    df446e14baca40aa91c316e487d64d945bb929a5b41b63356a2f85b7a988838555b61c39e668507a682a16275a26b24417c3f0991ebb7b909db3536515d9b94d

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks