General

  • Target

    1147aeb43c452f28cfb592867d7835e360d45924efe2af672fea2ff2a52f9ffc

  • Size

    58KB

  • Sample

    220212-gm9z1aggb7

  • MD5

    20e135cdc16d1205e4aad1cbec66dae3

  • SHA1

    bfcf9f8cfc069d4496f09fa038e4d03e6d41f82f

  • SHA256

    1147aeb43c452f28cfb592867d7835e360d45924efe2af672fea2ff2a52f9ffc

  • SHA512

    400e10a6638e53ba33ca6cf8e20d65cbfa9668d024f202621c8110db7c052dad8b93097b43e8b28a12c1eca36ee2b37f6fb57051221d5f081568cb773d332743

Malware Config

Targets

    • Target

      1147aeb43c452f28cfb592867d7835e360d45924efe2af672fea2ff2a52f9ffc


    • Sakula

      Sakula is a remote access trojan (RAT) with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence (to avoid running in certain regions).

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
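
The signature list above is derived from the sandbox's API trace. The following is an added example, not code from this report or from the sandbox, showing how the same five verdicts (location-settings check, Run-key persistence, execution of a dropped EXE, loading of a dropped DLL, self-deletion) can be re-derived from a trace. The trace itself, the process IDs, the file paths and the API names are constructed for illustration; the registry locations (`Control Panel\International\Geo\Nation` for the country code, `...\CurrentVersion\Run` for persistence) are assumptions about what the signatures look for, not something the report states.

```python
import re
from dataclasses import dataclass


@dataclass
class Call:
    """One traced API call: calling process, its image path, API name, args."""
    pid: int
    image: str
    api: str
    args: dict


# Constructed trace (not real data from the report). Paths are made up to
# resemble a typical dropper that writes a payload and a DLL to %TEMP%.
DROPPER = r"C:\Users\user\Desktop\sample.exe"
DROPPED_EXE = r"C:\Users\user\AppData\Local\Temp\MicroMedia\MediaCenter.exe"
DROPPED_DLL = r"C:\Users\user\AppData\Local\Temp\MicroMedia\helper.dll"

TRACE = [
    # assumed geofence lookup: read the configured country code
    Call(100, DROPPER, "RegQueryValueExW",
         {"key": r"HKEY_CURRENT_USER\Control Panel\International\Geo",
          "value": "Nation"}),
    Call(100, DROPPER, "NtWriteFile", {"path": DROPPED_EXE}),
    Call(100, DROPPER, "NtWriteFile", {"path": DROPPED_DLL}),
    Call(100, DROPPER, "CreateProcessW", {"image": DROPPED_EXE}),
    Call(200, DROPPED_EXE, "LoadLibraryW", {"path": DROPPED_DLL}),
    Call(200, DROPPED_EXE, "RegSetValueExW",
         {"key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
          "value": "MediaCenter", "data": DROPPED_EXE}),
    Call(100, DROPPER, "DeleteFileW", {"path": DROPPER}),
    # benign noise that must not trigger any signature
    Call(300, r"C:\Windows\explorer.exe", "RegSetValueExW",
         {"key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer",
          "value": "ShowFrequent", "data": "1"}),
]

# Assumed registry locations (regexes over the key path, case-insensitive).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)


def _norm(path: str) -> str:
    """Windows paths are case-insensitive; compare them in one case."""
    return path.lower()


def evaluate(trace):
    """Return {signature name: [supporting calls]} for every signature that fires.

    A file counts as "dropped" once any traced process has written it; later
    CreateProcess/LoadLibrary calls on that path are then flagged. Self-deletion
    is modelled as DeleteFile on the caller's own image; a fuller version would
    also catch the common "cmd.exe /c del <self>" pattern.
    """
    hits = {}
    written = set()

    def hit(name, call):
        hits.setdefault(name, []).append(call)

    for c in trace:
        a = c.args
        if c.api == "NtWriteFile":
            written.add(_norm(a["path"]))
        elif (c.api == "RegQueryValueExW" and GEO_KEY.search(a["key"])
              and a["value"].lower() == "nation"):
            hit("Checks computer location settings", c)
        elif c.api == "RegSetValueExW" and RUN_KEY.search(a["key"]):
            hit("Adds Run key to start application", c)
        elif c.api == "CreateProcessW" and _norm(a["image"]) in written:
            hit("Executes dropped EXE", c)
        elif c.api == "LoadLibraryW" and _norm(a["path"]) in written:
            hit("Loads dropped DLL", c)
        elif c.api == "DeleteFileW" and _norm(a["path"]) == _norm(c.image):
            hit("Deletes itself", c)
    return hits


if __name__ == "__main__":
    for name, calls in evaluate(TRACE).items():
        print(f"{name}: {', '.join(f'pid {c.pid} {c.api}' for c in calls)}")
```

The ordering matters: the "dropped" set is built as the trace is replayed, so a process start or DLL load is only attributed to a dropped file if the write preceded it, which is the same causal reasoning a sandbox applies when it distinguishes "Executes dropped EXE" from ordinary process creation.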

MITRE ATT&CK Enterprise v6

Tasks