General

  • Target

    127961a581509b5e3a3b13403711a98b22a442afc3c66c893b056d988a65c70e

  • Size

    120KB

  • Sample

    220212-f71rdsged3

  • MD5

    1908c0600cc9df5e3735b2790f631e5b

  • SHA1

    17505ef620b6c7a104b99d795aa0470be7ab5743

  • SHA256

    127961a581509b5e3a3b13403711a98b22a442afc3c66c893b056d988a65c70e

  • SHA512

    1cec77b36f6841e21840f526edf4afb432a994b0d28ff262ac41c5b37905e80a7f149786501918a79b45d1fa0bcd1a82a8c29bea90ef978df4acdf60e43871dd

Targets

    • Target

      127961a581509b5e3a3b13403711a98b22a442afc3c66c893b056d988a65c70e

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
