General

  • Target

    13afc95976de10e94dd5b167f9e21430bae37e25121cc4d3fa265a72bcf9c580

  • Size

    79KB

  • Sample

    220212-fq5n1shhcp

  • MD5

    4cf6b70343bfd52623371f5b14d49e9c

  • SHA1

    a492f216a2da25602aed9162737bf9e6c564ded5

  • SHA256

    13afc95976de10e94dd5b167f9e21430bae37e25121cc4d3fa265a72bcf9c580

  • SHA512

    61473c5cb0ff95935ad9e7c7f598f2212da9803beddaceac06985b623f663cbe2840da3f446633c6431e9fdfd1d887ccfeeb07fd0e7cd21da61a6a0e83b3f83b

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks