General

  • Target

    139042c506b2339003732c72ec0e2a8ffeb1b8cd693b4a9a762e54db03ff0773

  • Size

    216KB

  • Sample

    220212-fss31agcf9

  • MD5

    4280a2d8b873d1d073e911ef9e79ddf1

  • SHA1

    bbf8188377a5c717036509e99be78b0af325e9dc

  • SHA256

    139042c506b2339003732c72ec0e2a8ffeb1b8cd693b4a9a762e54db03ff0773

  • SHA512

    c64d579f2a3928130b38f541fbf445f005658695d72d0353beaa7d98898a2bfad8ac35be8d80ff956bd42744700eb7b33508f3c95b87ffbe154f2645e1e31da3

Malware Config

Targets

    • Target

      139042c506b2339003732c72ec0e2a8ffeb1b8cd693b4a9a762e54db03ff0773

    • Size

      216KB

    • MD5

      4280a2d8b873d1d073e911ef9e79ddf1

    • SHA1

      bbf8188377a5c717036509e99be78b0af325e9dc

    • SHA256

      139042c506b2339003732c72ec0e2a8ffeb1b8cd693b4a9a762e54db03ff0773

    • SHA512

      c64d579f2a3928130b38f541fbf445f005658695d72d0353beaa7d98898a2bfad8ac35be8d80ff956bd42744700eb7b33508f3c95b87ffbe154f2645e1e31da3

    • Sakula

      Sakula is a remote access trojan (RAT) with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
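
The behaviour signatures above are the sandbox's verdicts; the report does not show the underlying API calls. As an added example that is not part of this report or of the sandbox's own rules, the following Python maps a constructed API-call trace onto five of those signatures (dropped EXE executed, dropped DLL loaded, registry country-code lookup, Run-key persistence, self-deletion). The trace format, field names, file paths and registry values are assumptions made for illustration, and the "Sakula Payload" signature is deliberately not reproduced because the page gives no byte-level indicators for it.

```python
"""Map a constructed API-call trace onto sandbox behaviour signatures.

Added example, not the sandbox's code. The event format (one dict per
monitored call) and every path below are constructed for illustration.
"""
import re

# Run / RunOnce keys under any hive (the report only says "Run key").
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)
# Locale settings live under Control Panel\International; the country
# code is the Geo\Nation value (the sCountry/iCountry values are older).
GEO_KEY = re.compile(r"\\Control Panel\\International", re.IGNORECASE)
GEO_VALUES = {"nation", "scountry", "icountry", "localename"}

# Constructed sample and drop locations (hypothetical, not from the report).
SAMPLE_PATH = r"C:\Users\u\Desktop\sample.exe"
DROP_EXE = r"C:\Users\u\AppData\Local\Temp\MicroMedia\update.exe"
DROP_DLL = r"C:\Users\u\AppData\Local\Temp\MicroMedia\helper.dll"

# Constructed trace in execution order.
TRACE = [
    {"api": "RegOpenKeyExW", "key": r"HKCU\Control Panel\International\Geo"},
    {"api": "RegQueryValueExW", "key": r"HKCU\Control Panel\International\Geo",
     "value": "Nation"},
    {"api": "CreateFileW", "path": DROP_EXE, "access": "GENERIC_WRITE"},
    {"api": "CreateFileW", "path": DROP_DLL, "access": "GENERIC_WRITE"},
    {"api": "RegSetValueExW",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Update", "data": DROP_EXE},
    {"api": "CreateProcessW", "path": DROP_EXE, "cmdline": f'"{DROP_EXE}"'},
    {"api": "LoadLibraryW", "path": DROP_DLL},
    {"api": "CreateProcessW", "path": r"C:\Windows\System32\cmd.exe",
     "cmdline": f'cmd /c ping 127.0.0.1 -n 3 & del "{SAMPLE_PATH}"'},
]


def run_signatures(trace, sample_path):
    """Return {signature name: [evidence, ...]} for the signatures that fire."""
    hits = {}

    def add(name, evidence):
        hits.setdefault(name, []).append(evidence)

    dropped = set()  # paths the sample itself wrote, compared case-insensitively
    own = sample_path.lower()
    for ev in trace:
        api = ev["api"]
        if api in ("CreateFileW", "WriteFile") and "WRITE" in ev.get("access", ""):
            dropped.add(ev["path"].lower())
        elif api == "CreateProcessW":
            if ev["path"].lower() in dropped:
                add("Executes dropped EXE", ev["path"])
            cmd = ev.get("cmdline", "")
            # Self-deletion via a helper shell ("del" on the sample's own path).
            if re.search(r"\bdel\b", cmd, re.IGNORECASE) and own in cmd.lower():
                add("Deletes itself", cmd)
        elif api in ("LoadLibraryW", "LoadLibraryExW") and ev["path"].lower() in dropped:
            add("Loads dropped DLL", ev["path"])
        elif api == "DeleteFileW" and ev["path"].lower() == own:
            add("Deletes itself", ev["path"])
        elif (api == "RegQueryValueExW" and GEO_KEY.search(ev["key"])
              and ev.get("value", "").lower() in GEO_VALUES):
            add("Checks computer location settings", ev["key"] + "\\" + ev["value"])
        elif api == "RegSetValueExW" and RUN_KEY.search(ev["key"]):
            add("Adds Run key to start application",
                ev["key"] + "\\" + ev["value"] + " = " + ev["data"])
    return hits


if __name__ == "__main__":
    for name, evidence in run_signatures(TRACE, SAMPLE_PATH).items():
        print(name)
        for e in evidence:
            print("   ", e)
```

The dropped-file set is built from writes in trace order, so a process start or library load only counts as "dropped" if the write was seen first; the self-delete rule matches both a direct `DeleteFileW` and the common `cmd /c ping ... & del` pattern. Note that the country-code lookup is a registry read: Sysmon records registry key and value creation, deletion, renames and `SetValue` (events 12 to 14) but not reads, so outside an API-monitoring sandbox this signature needs a different telemetry source.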

MITRE ATT&CK Enterprise v6

Tasks