General

  • Target

    125dc9d805ba3f62b806b7e16a72eb0707d34b624a5e90c14404432d82e50876

  • Size

    192KB

  • Sample

    220212-f9ayraged9

  • MD5

    fbcbc2f3c4601acc96af91420d19e1e6

  • SHA1

    14a74a9b3eda2ab546d81799ca16ffee695cef1d

  • SHA256

    125dc9d805ba3f62b806b7e16a72eb0707d34b624a5e90c14404432d82e50876

  • SHA512

    89dd591e34f3a2e5eaf27439649b79d1027d0a5f70355085911bcb709d4b7c2fb105b054c7d4805cef4b71872fe5a32ace41805f6f97b4024996f15e1adc8bda

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks