General

  • Target

    13c1028fa708003078211b11f59e2765c2f0ffa3e61ce784d43d94e7942161a0

  • Size

    60KB

  • Sample

    220212-fqf1nagcd6

  • MD5

    fae4ddf3a8b7ac2263fe3230a972ed64

  • SHA1

    f71a2e648432968fff21b8e32b61a292dce6edc4

  • SHA256

    13c1028fa708003078211b11f59e2765c2f0ffa3e61ce784d43d94e7942161a0

  • SHA512

    47fcb99b39cf68696ba32a7525a99574e712c67c15d017a719cf939ddfc8e09572811a52dcdf4ae1357468f09b771f44caee6686c2fac8bea1a5389b24712172

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
