General

  • Target

    1239296e9a867ca1744c83b01cd459a07a467a318acdd8e140452b5adbff1d77

  • Size

    150KB

  • Sample

    220212-garmwsgef5

  • MD5

    e76e6d8c7b9b80037baec60878c0bbbb

  • SHA1

    519ae63bf37786e931b176be82295beb6af3183a

  • SHA256

    1239296e9a867ca1744c83b01cd459a07a467a318acdd8e140452b5adbff1d77

  • SHA512

    02bfa27733e417cc451ef38c35221d81953aa34bf1f5de3ef332f3cd7719414ebc022142961a17aa2bc98b7bc43f0d1757fee1724ebe538d74f572054383032b

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks