General

  • Target

    13161bf2292ff2374fd6376929c10f7f44ddd1cda4a48da480702f672acb5d2d

  • Size

    35KB

  • Sample

    220212-fzxd1agdd9

  • MD5

    543933c1e674a9c15b3b4c7aa3bc60fd

  • SHA1

    18e24703f429656acb34406d1d7e556cb8001889

  • SHA256

    13161bf2292ff2374fd6376929c10f7f44ddd1cda4a48da480702f672acb5d2d

  • SHA512

    a065749136060b6ae572dfe90fb2bb48074df9514402d306c7bd56f3c57cb57f30f38d87e0bb2ab8337fb1c474de80b7eefc30ad18ee6cb3e62719e5e6e40e00

Malware Config

Targets

    • Target

      13161bf2292ff2374fd6376929c10f7f44ddd1cda4a48da480702f672acb5d2d

    • Size

      35KB

    • MD5

      543933c1e674a9c15b3b4c7aa3bc60fd

    • SHA1

      18e24703f429656acb34406d1d7e556cb8001889

    • SHA256

      13161bf2292ff2374fd6376929c10f7f44ddd1cda4a48da480702f672acb5d2d

    • SHA512

      a065749136060b6ae572dfe90fb2bb48074df9514402d306c7bd56f3c57cb57f30f38d87e0bb2ab8337fb1c474de80b7eefc30ad18ee6cb3e62719e5e6e40e00

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks