General

  • Target

    134b5b80e06cb2246077aefd419b3c843d6b80123c0f69300a70773760f0a775

  • Size

    101KB

  • Sample

    220212-fxljqagdb6

  • MD5

    293cc4f40fd43ad48a7835ff3c79c78a

  • SHA1

    003220caf6d87478ecd73b2cd27221205c8d3cab

  • SHA256

    134b5b80e06cb2246077aefd419b3c843d6b80123c0f69300a70773760f0a775

  • SHA512

    794299c33b4e321cdc9a150e115156221ac77b7eefa41af0bd9a2e5775279561a03aa92ecae616846f1b3e1e7d94c97cafe28fd70f033ec989a39a60c73b0a28

Malware Config

Targets


    • Sakula

      Sakula (also tracked as Sakurel and VIPER) is a remote access trojan that gives the operator remote control of the infected host, including downloading and executing additional payloads.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry (the system's geographic location setting), most likely as a geofence so the malware only runs, or refuses to run, in particular regions.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
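The first thing a practitioner does with a report like this is confirm that the file on disk is the sample the report describes. The following Python script is an added example (not part of the sandbox's own tooling): it computes all four digests listed above and compares them against the published values, treating a SHA-256/SHA-512 match as confirmation and an MD5- or SHA-1-only match as a weak hint, because both of those algorithms are collision-broken. The sample bytes used in the test are constructed for the example; the hash values in SAKULA_IOC are the ones on this page.

```python
import hashlib

# Digests published on this report page for the Sakula sample.
SAKULA_IOC = {
    "md5": "293cc4f40fd43ad48a7835ff3c79c78a",
    "sha1": "003220caf6d87478ecd73b2cd27221205c8d3cab",
    "sha256": "134b5b80e06cb2246077aefd419b3c843d6b80123c0f69300a70773760f0a775",
    "sha512": (
        "794299c33b4e321cdc9a150e115156221ac77b7eefa41af0bd9a2e5775279561"
        "a03aa92ecae616846f1b3e1e7d94c97cafe28fd70f033ec989a39a60c73b0a28"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
# A match on one of these alone identifies the file.
STRONG = ("sha512", "sha256")
# MD5 and SHA-1 are collision-broken: a match on them alone is only a hint.
WEAK = ("sha1", "md5")


def digest_bytes(data: bytes) -> dict:
    """Return lowercase hex digests of an in-memory blob, one per algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in chunks so large samples do not have to fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def match_ioc(digests: dict, ioc: dict) -> str:
    """Compare computed digests with a published IOC.

    Returns one of:
      'confirmed'    - a strong digest (SHA-256/SHA-512) matches and nothing contradicts it
      'weak'         - only MD5/SHA-1 were available to compare and they match
      'inconsistent' - a strong digest matches but a published MD5/SHA-1 does not,
                       i.e. the IOC itself contains a typo or a wrong value
      'none'         - the bytes differ (a strong mismatch overrides any weak match,
                       which is exactly the MD5/SHA-1 collision case)
    """
    ioc = {name.lower(): value.strip().lower() for name, value in ioc.items()}
    strong = [name for name in STRONG if name in ioc and name in digests]
    weak = [name for name in WEAK if name in ioc and name in digests]

    if strong:
        if any(digests[name] != ioc[name] for name in strong):
            return "none"
        if any(digests[name] != ioc[name] for name in weak):
            return "inconsistent"
        return "confirmed"
    if weak and all(digests[name] == ioc[name] for name in weak):
        return "weak"
    return "none"


def verify_file(path: str, ioc: dict = SAKULA_IOC) -> tuple:
    """Hash a file on disk and report whether it is the sample from this page."""
    digests = digest_file(path)
    return match_ioc(digests, ioc), digests


if __name__ == "__main__":
    import sys
    verdict, computed = verify_file(sys.argv[1])
    for name in ALGORITHMS:
        print(f"{name:6} {computed[name]}")
    print("verdict:", verdict)
```

Run it as `python verify_sample.py <file>`; anything other than `confirmed` means the file is not the one this report analysed, or the report's published digests disagree with each other.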

MITRE ATT&CK Enterprise v6

Tasks