General

  • Target

    13db3261a611244d7d25ce092eae104e194c8ff083426bd705e57b7a0d03b3fa

  • Size

    36KB

  • Sample

    220212-fnbcdshghp

  • MD5

    3bd58ac01cfdb88ad7e604d045ad435e

  • SHA1

    ca7a73e38dc3d4dc4d9e11943431103d97f4cda8

  • SHA256

    13db3261a611244d7d25ce092eae104e194c8ff083426bd705e57b7a0d03b3fa

  • SHA512

    d1e1504869605b7f51b6c6b8714f045d87327d955ea829ac74deffcbbe105a24a5fbce2baa707198c7f0ffdd7014cf5d01cbf3f5c1d8ddb99f7c50ff5ea55bfb
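To confirm that a file on disk is the sample this report describes, the practical check is to compute all four digests in one pass and compare each against the values above; a hit on only some of them means either the file or the report is inconsistent and should not be trusted. The following is an added example, not part of the original report or of any sandbox tooling; it embeds the report's hashes as an indicator set and hashes constructed bytes for the demonstration, so it runs offline.

```python
import hashlib
from typing import Dict, Iterable

# Indicators copied from the report's General section.
REPORT_IOCS: Dict[str, str] = {
    "md5": "3bd58ac01cfdb88ad7e604d045ad435e",
    "sha1": "ca7a73e38dc3d4dc4d9e11943431103d97f4cda8",
    "sha256": "13db3261a611244d7d25ce092eae104e194c8ff083426bd705e57b7a0d03b3fa",
    "sha512": "d1e1504869605b7f51b6c6b8714f045d87327d955ea829ac74deffcbbe105a24a5fbce2baa707198c7f0ffdd7014cf5d01cbf3f5c1d8ddb99f7c50ff5ea55bfb",
}
ALGOS = ("md5", "sha1", "sha256", "sha512")


def _digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hash objects so the input is read once."""
    hs = {a: hashlib.new(a) for a in ALGOS}
    for block in chunks:
        for h in hs.values():
            h.update(block)
    return {a: h.hexdigest() for a, h in hs.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Digest an in-memory buffer (used here for constructed test input)."""
    return _digest_chunks([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digest a file on disk without loading it whole into memory."""
    with open(path, "rb") as f:
        return _digest_chunks(iter(lambda: f.read(chunk_size), b""))


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str] = REPORT_IOCS) -> Dict[str, bool]:
    """Per-algorithm comparison; hex case is normalised because feeds differ."""
    return {a: digests.get(a, "").lower() == v.lower() for a, v in iocs.items()}


def verdict(matches: Dict[str, bool]) -> str:
    """'match' only when every listed digest agrees; anything mixed is suspect."""
    values = set(matches.values())
    if values == {True}:
        return "match"
    if values == {False}:
        return "no match"
    return "inconsistent"


if __name__ == "__main__":
    # Constructed input; a real check would call digest_file("sample.bin").
    d = digest_bytes(b"constructed placeholder, not the sample")
    print(verdict(match_iocs(d)))
```

Run `digest_file()` on the suspect file and feed the result to `match_iocs()`; an `inconsistent` verdict usually means a copy-paste error in one of the hashes rather than a collision, and is worth resolving before the indicator is pushed to a blocklist.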

Malware Config

Targets

    • Target

      13db3261a611244d7d25ce092eae104e194c8ff083426bd705e57b7a0d03b3fa

    • Size

      36KB

    • MD5

      3bd58ac01cfdb88ad7e604d045ad435e

    • SHA1

      ca7a73e38dc3d4dc4d9e11943431103d97f4cda8

    • SHA256

      13db3261a611244d7d25ce092eae104e194c8ff083426bd705e57b7a0d03b3fa

    • SHA512

      d1e1504869605b7f51b6c6b8714f045d87327d955ea829ac74deffcbbe105a24a5fbce2baa707198c7f0ffdd7014cf5d01cbf3f5c1d8ddb99f7c50ff5ea55bfb

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether to run.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
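The last signature, a Run key written to start the application, is the one most worth turning into a detection, since it is what survives a reboot. The following is an added example and not part of the report or of any vendor tooling: it runs a Run/RunOnce persistence rule over a handful of constructed Sysmon-style Event ID 13 (registry value set) records, and raises the severity when either the writing process or the registered command lives in a user-writable directory, which is what "Executes dropped EXE" followed by "Adds Run key" looks like in telemetry. The field names follow Sysmon's registry event schema; the events themselves are invented for the demonstration.

```python
import re
from typing import Dict, Iterable, List

# Value-set events under these keys are autostart entries for the user (HKU)
# or the machine (HKLM); RunOnceEx and the Wow6432Node variant still match.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)(Ex)?\\", re.IGNORECASE
)

# Directories an unprivileged dropper can write to; a Run entry pointing here
# is far more suspicious than one under Program Files.
WRITABLE_DIRS = ("\\appdata\\", "\\temp\\", "\\tmp\\", "\\users\\public\\", "\\programdata\\")

# Constructed Sysmon-style records (assumption: Event ID 13 = RegistryEvent value set).
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svcupdate",
     "Details": "C:\\Users\\victim\\AppData\\Roaming\\svcupdate.exe"},
    {"EventID": 13, "Image": "C:\\Program Files\\Vendor\\setup.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorTray",
     "Details": "\"C:\\Program Files\\Vendor\\tray.exe\" /background"},
    {"EventID": 12, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "Details": ""},  # key create, not a value set: ignored
]


def _in_writable_dir(path: str) -> bool:
    p = path.lower()
    return any(d in p for d in WRITABLE_DIRS)


def detect_run_key_persistence(events: Iterable[Dict]) -> List[Dict]:
    """Return one finding per Run/RunOnce value written, with a severity."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        target = ev.get("TargetObject", "")
        if not RUN_KEY_RE.search(target):
            continue
        command = ev.get("Details", "")
        writer = ev.get("Image", "")
        # Either side living in a user-writable directory is the dropper pattern.
        suspicious = _in_writable_dir(command) or _in_writable_dir(writer)
        findings.append({
            "value_name": target.rsplit("\\", 1)[-1],
            "key": target.rsplit("\\", 1)[0],
            "command": command,
            "writer": writer,
            "severity": "high" if suspicious else "low",
        })
    return findings


if __name__ == "__main__":
    for f in detect_run_key_persistence(SAMPLE_EVENTS):
        print(f["severity"], f["value_name"], "->", f["command"], "written by", f["writer"])
```

The low-severity hit on the vendor installer is left in on purpose: Run entries from installers are common, so the rule reports them but reserves the high rating for the case where the persisted binary or its writer sits in AppData, Temp, Public or ProgramData. Pair this with the hash check above and with Event ID 11/23 file events if you want to catch the "Deletes itself" step as well.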

MITRE ATT&CK Enterprise v6

Tasks