General

  • Target

    126660c2cc18cc5b456257e83b29d50d4a53b82cb0188e5a0952c21414d0a578

  • Size

    35KB

  • Sample

    220212-f8xq5aabcp

  • MD5

    8cbfa45b2da5247140b00627e4f75d72

  • SHA1

    cd452b445d4a290c0fc1854b4c91d1f2b5294505

  • SHA256

    126660c2cc18cc5b456257e83b29d50d4a53b82cb0188e5a0952c21414d0a578

  • SHA512

    ba5802393f02d603e29b05acd1e2e2aa7db2a01d10826004427fb60e0b01ba37c6b75b912a51d89d030b42970976ffd6c6e1e72a6438f6809f9a17f9f49369bd

Targets

    • Target

      126660c2cc18cc5b456257e83b29d50d4a53b82cb0188e5a0952c21414d0a578

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
