General

  • Target

    1201e80277df9c32d330a64ff01241ba685ac1a545925262d7846276d0e7fcf8

  • Size

    58KB

  • Sample

    220212-gdpygaacak

  • MD5

    96a096a418da9f4c83db83f224e13225

  • SHA1

    c451999a1b557ef81facc029bd7eaa83c411bf0a

  • SHA256

    1201e80277df9c32d330a64ff01241ba685ac1a545925262d7846276d0e7fcf8

  • SHA512

    30e38316d20b05a66625f680b460a532036f60ae71e89a14ff40ad007d1df032ed0cb50d970af4d3420afc165752f9431dc73be0b5aa67439c7d41eb5a8770ef

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks