General

  • Target

    13e396a76601875520b1b463d9f1809fc8711e22b9870107952589ce2c570484

  • Size

    80KB

  • Sample

    220212-fm3egshghm

  • MD5

    2d40183d16f8f9a42a5aace1e1372285

  • SHA1

    0576f795a71793358bb672e66989baca445b6de8

  • SHA256

    13e396a76601875520b1b463d9f1809fc8711e22b9870107952589ce2c570484

  • SHA512

    00a3094346c027cab91c78b9e367bbabec46311c8e126e3dd766d1ba50dab2d3a8c087a18c8f548fd2ebe9f20e2e5d9fbdafa131f6b19661c36d91de62393957

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks