General

  • Target

    122239e613eca8595de98610fd893b06b6c538d8a9522a2fb25d96bd44faef6f

  • Size

    99KB

  • Sample

    220212-gcc8aaabgm

  • MD5

    88cd93ecb3ea1b6bef8236c3de3a835d

  • SHA1

    354d073535bfe67d8d53fc7e6a20dd5e7655d57c

  • SHA256

    122239e613eca8595de98610fd893b06b6c538d8a9522a2fb25d96bd44faef6f

  • SHA512

    7c067973753b9e4ed4c2c537bd1f14e8bd37e1781e1efadb3b74e486c592cb9dcdec61ec4c51e951c97309e94f65a3be1af52614cf7bb0a6709a4a70d93db52e

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
