General

  • Target

    12afaac9f3b941968a06b7c431d7cda20743fe7b181ec4a029b458f9cff4adbc

  • Size

    144KB

  • Sample

    220212-f5syrsgea6

  • MD5

    60ddc02a209f0d1fda0578c4d77a1cc2

  • SHA1

    dc49235b89078198f4e89c86cc78f17946f59e85

  • SHA256

    12afaac9f3b941968a06b7c431d7cda20743fe7b181ec4a029b458f9cff4adbc

  • SHA512

    8936468c69763f8c10ec894417c7ba0eb9fa162ff75b0b2a5367ec51c5b35b29eccf0ebb8cd357b607cb8d4f7a636359467c467d19b248bd220e41a28747a52f

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
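
The five behavioral signatures above are the kind a sandbox derives from an API trace rather than from static bytes. The following is an added example, not the sandbox's own signature engine and not code from the analyzed sample: a small matcher that walks a constructed sandbox-style event trace and reports which of the listed signatures fire. The event field names, the registry locations used for the location check (Control Panel\International\Geo\Nation, sCountry, iCountry) and for the Run key, and every path in the traces are assumptions made for illustration.

```python
"""Match the report's behavioral signatures against a sandbox API trace.

Added example for this page; it is not the sandbox's own signature engine
and the events below are constructed, not taken from the analyzed sample.
Event dicts mimic the fields a sandbox API monitor records (process
creation, file writes/deletes, image loads, registry set/query). The
registry locations used for the location check and the Run key are
assumptions about where Windows keeps those settings.
"""
import re
from typing import Dict, Iterable, List, Set

# HKCU\Software\Microsoft\Windows\CurrentVersion\Run / RunOnce (assumed location)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
# Country / region settings a geofence check would read (assumed locations)
LOCATION_RE = re.compile(
    r"\\Control Panel\\International\\(Geo\\Nation|sCountry|iCountry)$", re.I)
# "cmd /c del <self>" style self-removal
DELETE_CMD_RE = re.compile(r"\b(del|erase)\b", re.I)


def _norm(path: str) -> str:
    """Case-fold and strip surrounding quotes so paths from different events compare equal."""
    return path.strip('"').lower()


def match_signatures(events: Iterable[Dict]) -> Set[str]:
    """Return the set of signature names (as the report labels them) triggered by the trace."""
    hits: Set[str] = set()
    dropped: Set[str] = set()          # paths written during the run
    image_of: Dict[int, str] = {}      # pid -> image path of that process
    for ev in events:
        kind, pid = ev["event"], ev["pid"]
        if kind == "process_create":
            image = _norm(ev["image"])
            image_of[ev["child_pid"]] = image
            if image in dropped:                     # a file the run wrote is now executed
                hits.add("Executes dropped EXE")
            parent = image_of.get(pid)               # image of the process that spawned this one
            cmd = _norm(ev.get("cmdline", ""))
            if parent and DELETE_CMD_RE.search(cmd) and parent in cmd:
                hits.add("Deletes itself")           # child shell deletes the parent's own binary
        elif kind == "file_write":
            dropped.add(_norm(ev["path"]))
        elif kind == "file_delete":
            if _norm(ev["path"]) == image_of.get(pid):
                hits.add("Deletes itself")           # direct deletion of its own image
        elif kind == "image_load":
            path = _norm(ev["path"])
            if path.endswith(".dll") and path in dropped:
                hits.add("Loads dropped DLL")
        elif kind == "reg_set_value":
            if RUN_KEY_RE.search(ev["key"]):
                hits.add("Adds Run key to start application")
        elif kind == "reg_query_value":
            if LOCATION_RE.search(ev["key"] + "\\" + ev["value"]):
                hits.add("Checks computer location settings")
    return hits


SAMPLE = r"C:\Users\admin\AppData\Local\Temp\sample.exe"     # constructed path
DROP_EXE = r"C:\Users\admin\AppData\Roaming\payload.exe"    # constructed path
DROP_DLL = r"C:\Users\admin\AppData\Roaming\helper.dll"     # constructed path

# Constructed trace reproducing the five behaviors the report lists.
SAMPLE_TRACE: List[Dict] = [
    {"event": "process_create", "pid": 400, "child_pid": 1000, "image": SAMPLE, "cmdline": SAMPLE},
    {"event": "reg_query_value", "pid": 1000,
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo", "value": "Nation"},
    {"event": "file_write", "pid": 1000, "path": DROP_EXE},
    {"event": "file_write", "pid": 1000, "path": DROP_DLL},
    {"event": "reg_set_value", "pid": 1000,
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "payload", "data": DROP_EXE},
    {"event": "process_create", "pid": 1000, "child_pid": 1200, "image": DROP_EXE, "cmdline": DROP_EXE},
    {"event": "image_load", "pid": 1200, "path": DROP_DLL},
    {"event": "process_create", "pid": 1000, "child_pid": 1300,
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": f'cmd.exe /c del "{SAMPLE}"'},
]

# Constructed benign trace: an editor saving a document and reading its own settings.
BENIGN_TRACE: List[Dict] = [
    {"event": "process_create", "pid": 400, "child_pid": 2000,
     "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
    {"event": "file_write", "pid": 2000, "path": r"C:\Users\admin\Documents\notes.txt"},
    {"event": "reg_query_value", "pid": 2000,
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Notepad", "value": "lfFaceName"},
]

if __name__ == "__main__":
    for name, trace in (("sample", SAMPLE_TRACE), ("benign", BENIGN_TRACE)):
        print(name, sorted(match_signatures(trace)))
```

The "Sakula" and "Sakula Payload" lines come from a family match on the binary itself and are not reproduced here. Note that the location check alone is weak evidence: plenty of legitimate software reads the locale keys, so what makes it interesting in a report like this is whether execution diverges depending on the answer, which a single trace cannot show.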

MITRE ATT&CK Enterprise v6

Tasks