General

  • Target

    138bdca4ab80dcdf13365b2a7985fbc9c1b89f9bf30a0f2c633b0a4385869020

  • Size

    60KB

  • Sample

    220212-fs5rsshhen

  • MD5

    b1308076e4d2df8899207a8d555142c6

  • SHA1

    cad0ac8d5c3daf37f31ff238fe1efd45fcfa299b

  • SHA256

    138bdca4ab80dcdf13365b2a7985fbc9c1b89f9bf30a0f2c633b0a4385869020

  • SHA512

    bc22f4342075134a9fc519648d459ea4c84dbee94107528fa32faa3354ff4949ebdcb616f51c1daab331749a1b3d8dd1754d79d271268ae16131dc5127d20577

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
