General

  • Target

    12adc9981020adc90ee0e1a6ff8bd8ae78d1343a682c5ce3b61931a3e354b32e

  • Size

    216KB

  • Sample

    220212-f5v35agea7

  • MD5

    6fb7a21b01e02aac54608df71b1797ff

  • SHA1

    acf6c41085891c4edbbb370c254cc2091ae28d48

  • SHA256

    12adc9981020adc90ee0e1a6ff8bd8ae78d1343a682c5ce3b61931a3e354b32e

  • SHA512

    2e19d0e1fafb8b9d5f865065e6cc0c27531f75a63663fa5c0015cb6448e880d0c4fe8df607b165b88b30135f5ad72cc02cbcf0c277b3f5d1fcca062323a48e9b

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks