General

  • Target

    13d4c8f14026e0ede5d291f15b8d90a481dcc02bd0b4f24afabae964d2b5dcfd

  • Size

    80KB

  • Sample

    220212-fnz1ragcc5

  • MD5

    a2774bb7dc3b7384c8c71f02a6c59d06

  • SHA1

    b22ba85f467ef8ecc843dbf791fb949406847e5e

  • SHA256

    13d4c8f14026e0ede5d291f15b8d90a481dcc02bd0b4f24afabae964d2b5dcfd

  • SHA512

    ab5e8d7feb4f0a878c6ce362028362220347cca2615b94730903b8e39cb06375d90b94dacc44673cb774b654220609f08bae718ec1c48188ab23bcd497e45e3b

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks