General

  • Target

    134347f0686baf6624849343f78a0df7c6a6d0e8c0936912d2936b4be9bee61a

  • Size

    191KB

  • Sample

    220212-fxxxraaaan

  • MD5

    73f095ee43342a56752a36041c1b3e58

  • SHA1

    09b58a25ff418d2394ed01405c275e6087b6a603

  • SHA256

    134347f0686baf6624849343f78a0df7c6a6d0e8c0936912d2936b4be9bee61a

  • SHA512

    9f9a778d3147459642b984bba66d94b6312ec0bf7fc1c82460fe94ce9306ba65aac0f17478259dae36026a90c6312ba17d9b3dd93675e687841b0fb886635ff1

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6