General

  • Target

    136907696268786d71a359f14731b1bf7319c42e112804f985b8f407babb5805

  • Size

    99KB

  • Sample

    220212-fvzcsshhgr

  • MD5

    533b0a9e8e1d2493595cd9405170baa2

  • SHA1

    2ed1ac514e73496ba105c91f8f24157c4e9762d6

  • SHA256

    136907696268786d71a359f14731b1bf7319c42e112804f985b8f407babb5805

  • SHA512

    6175717f8f5ec6cc32f2e80ad5c94cffc977bc15ff101a50077e7e45aad40f094add6db8ef14240421089e6dabfb4efb2bd70254aee6f7cc21fb320b8feea545

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
