General

  • Target

    126978b03110b815143dbd1f20472e471bb28d833e803c7447d1505be245872b

  • Size

    79KB

  • Sample

    220212-f8h8qsged5

  • MD5

    25a2ddd746ccd0e094e43db6dd79efdb

  • SHA1

    eb628519f5d549d00212a5493073c12db4be46e2

  • SHA256

    126978b03110b815143dbd1f20472e471bb28d833e803c7447d1505be245872b

  • SHA512

    66f276ed7b8be7ce70797cdd06598679853a79959a52d4edba784cc9ad3ebd0e952e6545490a39820f2de98f2c7cec5078a2deec06e15b789348c262c45745dc

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan (RAT). The signatures that follow describe what this sample did in the sandbox: it dropped and ran a payload, persisted through a Run key and removed its original file.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry (the system's regional settings). This is most likely a geofence: the sample decides whether to continue based on the victim's configured country.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
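
The signatures above are behavioural: the sandbox watches events in the sample's process tree and names the pattern it sees. The Python below is an added illustration of how such events map onto these signature names; it is not code from the sandbox or from this report. The event schema, the process and registry paths, the PIDs and the trace itself are constructed for the example, and the ATT&CK v6 technique IDs in the comments are an assumed mapping, not taken from the report.

```python
"""Map sandbox-style behavioural events to the signatures on this report.

Added example, not the sandbox's own code. The event model, paths, PIDs and
the sample trace are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

# Autostart location behind "Adds Run key to start application" (HKCU or HKLM).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
# Regional settings behind "Checks computer location settings"; which value the
# real sample reads (sCountry, iCountry, ...) is an assumption here.
LOCALE_KEY = re.compile(r"\\Control Panel\\International\\", re.I)


@dataclass(frozen=True)
class Event:
    kind: str           # file_write | process_create | image_load | reg_set | reg_query | file_delete
    pid: int            # process performing the action
    target: str         # file path, child image path, DLL path or registry value path
    child_pid: int = 0  # process_create only


def detect(events: Iterable[Event], sample_path: str, sample_pid: int) -> dict[str, list[str]]:
    """Return {signature name: [matching targets]} for the sample's process tree."""
    hits: dict[str, list[str]] = {}
    malicious = {sample_pid}        # the sample plus every process it (transitively) spawns
    dropped: set[str] = set()       # files written by that tree, compared case-insensitively
    sample = sample_path.lower()

    for ev in events:
        if ev.pid not in malicious:  # activity of unrelated processes never counts
            continue
        t = ev.target.lower()
        if ev.kind == "file_write":
            dropped.add(t)
        elif ev.kind == "process_create":
            malicious.add(ev.child_pid)  # follow the tree, e.g. a cmd.exe used for cleanup
            if t in dropped and t.endswith(".exe"):
                hits.setdefault("Executes dropped EXE", []).append(ev.target)
        elif ev.kind == "image_load" and t in dropped and t.endswith(".dll"):
            hits.setdefault("Loads dropped DLL", []).append(ev.target)
        elif ev.kind == "reg_set" and RUN_KEY.search(ev.target):
            # Assumed ATT&CK v6 mapping: T1060 Registry Run Keys / Startup Folder
            hits.setdefault("Adds Run key to start application", []).append(ev.target)
        elif ev.kind == "reg_query" and LOCALE_KEY.search(ev.target):
            hits.setdefault("Checks computer location settings", []).append(ev.target)
        elif ev.kind == "file_delete" and t == sample:
            # Assumed ATT&CK v6 mapping: T1107 File Deletion
            hits.setdefault("Deletes itself", []).append(ev.target)
    return hits


# Constructed trace (paths and PIDs invented), shaped like the behaviours listed above.
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
SAMPLE_PID = 1000
SAMPLE_EVENTS = [
    Event("reg_query", 1000, r"HKCU\Control Panel\International\sCountry"),
    Event("file_write", 1000, r"C:\ProgramData\Updater\upd.exe"),
    Event("file_write", 1000, r"C:\ProgramData\Updater\upd.dll"),
    Event("process_create", 1000, r"C:\ProgramData\Updater\upd.exe", child_pid=1040),
    Event("image_load", 1040, r"C:\ProgramData\Updater\upd.dll"),
    Event("reg_set", 1040, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"),
    Event("process_create", 1000, r"C:\Windows\System32\cmd.exe", child_pid=1052),
    Event("file_delete", 1052, SAMPLE_PATH),
    # Benign noise from an unrelated process: must not be attributed to the sample.
    Event("reg_set", 500, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"),
    Event("image_load", 500, r"C:\Windows\System32\ntdll.dll"),
]

if __name__ == "__main__":
    for name, targets in detect(SAMPLE_EVENTS, SAMPLE_PATH, SAMPLE_PID).items():
        print(f"{name}: {', '.join(targets)}")
```

The process-tree tracking is the part that matters in practice: "Deletes itself" is usually carried out by a child cmd.exe rather than by the sample's own process, and a Run key set by a legitimate installer running at the same time must not be credited to the sample.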

MITRE ATT&CK Enterprise v6

Tasks