General

  • Target

    13899c64ede7beef26c06811d632566c1e10bfa9f6da21d53ad4d37477094123

  • Size

    60KB

  • Sample

    220212-ftcgmshher

  • MD5

    8d114ce79ef8526eb1c9c479e1494f44

  • SHA1

    440ebb5b0f55ac54f4a1dfa97d233780b8081bf4

  • SHA256

    13899c64ede7beef26c06811d632566c1e10bfa9f6da21d53ad4d37477094123

  • SHA512

    e40f491b0ed14637720636635f49572fd362375cfd1cf44e097b0195bfd3210ab46e8fa72dfc44f7232335f7a70f31ec22ad20967d2cc5b2c696613d8b3f84ca

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks