General

  • Target

    136cd8069203e4f8edd853d3c60058d8e2b37562c75aa629c77ba7546c540f3a

  • Size

    101KB

  • Sample

    220212-fvryqagch4

  • MD5

    55abc2a5e771ae39b0af354190bd5978

  • SHA1

    10de9743aa99484c3519b55baf2dea11f4587293

  • SHA256

    136cd8069203e4f8edd853d3c60058d8e2b37562c75aa629c77ba7546c540f3a

  • SHA512

    ad8d3c18165d3e97a3c567bcde26d727620f525ab2205a516abc5e97fc03cd8521725ecf38aaf14c461190af8344482534663162d9cbf13b8af9ea3a3c09a0f2

Malware Config

Targets

    • Target

      136cd8069203e4f8edd853d3c60058d8e2b37562c75aa629c77ba7546c540f3a

    • Size

      101KB

    • MD5

      55abc2a5e771ae39b0af354190bd5978

    • SHA1

      10de9743aa99484c3519b55baf2dea11f4587293

    • SHA256

      136cd8069203e4f8edd853d3c60058d8e2b37562c75aa629c77ba7546c540f3a

    • SHA512

      ad8d3c18165d3e97a3c567bcde26d727620f525ab2205a516abc5e97fc03cd8521725ecf38aaf14c461190af8344482534663162d9cbf13b8af9ea3a3c09a0f2

    • Sakula

      Sakula is a remote access trojan (RAT) with various capabilities; this sample matched the Sakula payload signature, and the behaviours listed below are what the sandbox observed.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution (run only, or refuse to run, in particular countries).

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
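
The five behaviour signatures above are the kind of thing an analyst reproduces from a raw API trace when a report only shows the signature names. The following is an added example, not tria.ge code: it classifies a constructed, sandbox-style trace (one API call per line, registry calls flattened to hive\key\value) into the same five signature names. The trace layout, the file paths, the API names it matches on, and the registry values treated as geofence indicators (the GeoID and country name under Control Panel\International) are all assumptions made for illustration, not values taken from this sample.

```python
"""Map sandbox-style API trace lines to the behaviour signatures this report
lists. Added example, not tria.ge code: the trace layout, API names and the
registry paths used as indicators are assumptions made for illustration."""
import re
from collections import defaultdict

# Constructed trace, one call per line: "<pid> <api> <arguments>".
# Registry calls are flattened to "<hive>\<key>\<value name>" for brevity.
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
TRACE = r"""
1200 RegQueryValueExW HKCU\Control Panel\International\Geo\Nation
1200 CreateFileW C:\ProgramData\svc\update.exe
1200 CreateFileW C:\ProgramData\svc\helper.dll
1200 RegSetValueExW HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update C:\ProgramData\svc\update.exe
1200 CreateProcessW C:\ProgramData\svc\update.exe
1200 CreateProcessW cmd.exe /c ping 127.0.0.1 -n 3 & del "C:\Users\Admin\AppData\Local\Temp\sample.exe"
3100 LoadLibraryW C:\ProgramData\svc\helper.dll
"""

LINE = re.compile(r"^(\d+)\s+(\w+)\s+(.*)$")
# Assumed geofence indicators: the GeoID and country-name values under
# "Control Panel\International" that sandboxes commonly flag.
GEO_VALUES = ("control panel\\international\\geo\\nation",
              "control panel\\international\\scountry")
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"
WRITE_APIS = {"CreateFileW", "CreateFileA"}
EXEC_APIS = {"CreateProcessW", "CreateProcessA", "ShellExecuteW"}
LOAD_APIS = {"LoadLibraryW", "LoadLibraryA", "LoadLibraryExW"}


def classify(trace: str, sample_path: str) -> dict[str, list[str]]:
    """Return {signature name: [matching trace lines]} for the five
    behaviours in the report. Files seen in CreateFile* calls are remembered
    so that later execution or loading of them counts as 'dropped'."""
    hits: dict[str, list[str]] = defaultdict(list)
    dropped: set[str] = set()
    own = sample_path.lower()
    for raw in trace.strip().splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip anything that is not a parsable call
        _pid, api, args = m.groups()
        low = args.lower()
        if api in WRITE_APIS:
            dropped.add(low)
        elif api.startswith("RegQueryValueEx") and any(v in low for v in GEO_VALUES):
            hits["Checks computer location settings"].append(raw)
        elif api.startswith("RegSetValueEx") and RUN_KEY in low:
            hits["Adds Run key to start application"].append(raw)
        elif api in EXEC_APIS:
            if any(d in low for d in dropped if d.endswith(".exe")):
                hits["Executes dropped EXE"].append(raw)
            # Self-deletion usually goes through a cmd.exe "del" on the
            # sample's own path, often delayed with ping or timeout.
            if "del " in low and own in low:
                hits["Deletes itself"].append(raw)
        elif api in LOAD_APIS and low in dropped:
            hits["Loads dropped DLL"].append(raw)
        elif api.startswith("DeleteFile") and low == own:
            hits["Deletes itself"].append(raw)
    return dict(hits)


def signatures(trace: str, sample_path: str) -> list[str]:
    """Signature names that fired, in the report's listing order."""
    order = ["Executes dropped EXE", "Checks computer location settings",
             "Deletes itself", "Loads dropped DLL",
             "Adds Run key to start application"]
    found = classify(trace, sample_path)
    return [name for name in order if name in found]


if __name__ == "__main__":
    for name, lines in classify(TRACE, SAMPLE_PATH).items():
        print(name)
        for line in lines:
            print("   ", line)
```

Run it as-is to see every signature name paired with the trace line that triggered it. The "dropped" bookkeeping is what separates "Executes dropped EXE" from an ordinary process launch: only files the sample itself wrote earlier in the trace qualify, which is also why the geofence read and the self-delete command are matched on the registry value and on the sample's own path respectively rather than on the API name alone.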

MITRE ATT&CK Enterprise v6

Tasks