General

  • Target: 139918f86a5f04d78fc3157580f1acf41aa974bc93540cb3512b684d16e2ef95
  • Size: 191KB
  • Sample: 220212-fsjjkahhdq
  • MD5: e772a34d6677c7532959eced54cef9cd
  • SHA1: 0cec783a300bff9e88a708d2cc50fddd07e64a48
  • SHA256: 139918f86a5f04d78fc3157580f1acf41aa974bc93540cb3512b684d16e2ef95
  • SHA512: 38b8dc20a41e1085203d5e7cf6c14b1c402c2db0dfb8340e516d0df7da6a606b5631b44e35c351c68ab8757a104de0c168a82bd204ad9df892e2c337c68eeef0

Targets

    • Sakula
      Sakula is a remote access trojan with various capabilities.
    • Sakula Payload
    • Executes dropped EXE
    • Checks computer location settings
      Looks up the country code configured in the registry, likely a geofence check.
    • Deletes itself
    • Loads dropped DLL
    • Adds Run key to start application
