Overview

overview

10

Static

static

121aff5743...c0.exe

windows7_x64

10

121aff5743...c0.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    121aff5743cce838ab43308dd7df96f68cf8b62a4f68a63af31e704a755560c0

  • Size

    36KB

  • Sample

    220212-gcpajsabhj

  • MD5

    649ad5171d87f4b6769a9c62583ab9ca

  • SHA1

    e67ec7425473502e179e61010b57ac4ae0acdb25

  • SHA256

    121aff5743cce838ab43308dd7df96f68cf8b62a4f68a63af31e704a755560c0

  • SHA512

    f955199249bf178c814934993c6e7efc9068d96a375da2bdb105ecda5c18491e295f99c83b158cc7ee723823deae4ee8d71af7cbc6cc9b19d9be093a9b3331d7

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      121aff5743cce838ab43308dd7df96f68cf8b62a4f68a63af31e704a755560c0

    • Size

      36KB

    • MD5

      649ad5171d87f4b6769a9c62583ab9ca

    • SHA1

      e67ec7425473502e179e61010b57ac4ae0acdb25

    • SHA256

      121aff5743cce838ab43308dd7df96f68cf8b62a4f68a63af31e704a755560c0

    • SHA512

      f955199249bf178c814934993c6e7efc9068d96a375da2bdb105ecda5c18491e295f99c83b158cc7ee723823deae4ee8d71af7cbc6cc9b19d9be093a9b3331d7

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks