General

  • Target

    1073c13e4098f968103ade1ab7330b9d45fbbe0c8d9d00daeb70753e27867af7

  • Size

    58KB

  • Sample

    220212-g1rqksghg4

  • MD5

    383bae5891ea3ddd6d6204b487ade385

  • SHA1

    9b99c339ca887bde39a007acba537263e47b15ef

  • SHA256

    1073c13e4098f968103ade1ab7330b9d45fbbe0c8d9d00daeb70753e27867af7

  • SHA512

    f8d52f5a8bc9126042723195585c806edf57f3ad2f7680d301094f0bc1d97a5c65715ea631a2dce7082a6fc96b707d56c4b0513edbb08a9016821fe43f47dd09

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
