General

  • Target

    134c0217133c5ae7e0d424d188c089e73c98c63ba74a0d5cf017cdfe00b85061

  • Size

    60KB

  • Sample

    220212-fxjecsaaak

  • MD5

    f7060c7e018c71e0bdc38be4cb960b2e

  • SHA1

    18e940464ef0a5cccd3c3a0d2128e8eec131568e

  • SHA256

    134c0217133c5ae7e0d424d188c089e73c98c63ba74a0d5cf017cdfe00b85061

  • SHA512

    0ff6cc43dc179b4deb1a9baca8e3c73ef5a0a168f9d30054df05bcd11a37cce69992bb2dd19a88ea6713f06671a0723e2198312d2530dbf93af72d07eea37784

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
