General

  • Target

    13a7fe09b2d9000926cd74b75b89350d087f19a68091156e909cc4f56b7fcc18

  • Size

    216KB

  • Sample

    220212-frs2lsgcf4

  • MD5

    4d504aa098f295fd8f7b8c15808f18fb

  • SHA1

    1a6e6bd459468a80dd78d6e4be963a5186c09c7d

  • SHA256

    13a7fe09b2d9000926cd74b75b89350d087f19a68091156e909cc4f56b7fcc18

  • SHA512

    5550356ad67402d5c8e7a3d9ae39f7822658c7c53b94677bd622145ac029b3d5ebb6dea13bd99a851630d8eab691b3080af7ebc8b4c32f28d1a8560917924ed0

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks