General

  • Target: 131cfc3ef15fa42f31431e08c4537d11aa4ed86ab1e6592651109e8f29c653c7

  • Size: 101KB

  • Sample: 220212-fzk1zaaack

  • MD5: 949756c47e80702f46e7502085061210

  • SHA1: aa02bf8efbcfe706580517a19b01c019e8221805

  • SHA256: 131cfc3ef15fa42f31431e08c4537d11aa4ed86ab1e6592651109e8f29c653c7

  • SHA512: d376ab328ecf60f82c0561063dc79af8eb4f805495dce1558e38158063eef768619ab74e72bbd62bcf6bb6a519db23ad38fc042f0908ee6c41bbed022512b0f6

Malware Config

Targets

    • Target: 131cfc3ef15fa42f31431e08c4537d11aa4ed86ab1e6592651109e8f29c653c7 (size and hashes as listed under General above)

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks