General

  • Target

    1129233f52e8a936500fa3b75baa13a1e5b631a90d3519acd02f30cdd33362ba

  • Size

    36KB

  • Sample

    220212-gpvyvsadbl

  • MD5

    bea9cc68f0ef6ad77ebcfc84617a3ed6

  • SHA1

    012468aa5c566e50fea0c6f4b15ee6a505e1be60

  • SHA256

    1129233f52e8a936500fa3b75baa13a1e5b631a90d3519acd02f30cdd33362ba

  • SHA512

    37cc6791c7b823758c5bb155ef92b431676b750f79eb988c09300dce802baf492ec25351fc0fb99c63b95eb4cbf38778bfb92ea743841e00e6d9ce16333f7127

Malware Config

Targets

    • Target

      1129233f52e8a936500fa3b75baa13a1e5b631a90d3519acd02f30cdd33362ba

    • Size

      36KB

    • MD5

      bea9cc68f0ef6ad77ebcfc84617a3ed6

    • SHA1

      012468aa5c566e50fea0c6f4b15ee6a505e1be60

    • SHA256

      1129233f52e8a936500fa3b75baa13a1e5b631a90d3519acd02f30cdd33362ba

    • SHA512

      37cc6791c7b823758c5bb155ef92b431676b750f79eb988c09300dce802baf492ec25351fc0fb99c63b95eb4cbf38778bfb92ea743841e00e6d9ce16333f7127

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan that first surfaced in 2012; once installed it gives the operator remote control of the infected host.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to (or away from) particular regions.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
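
The signatures above describe observable behaviours rather than Sakula-specific indicators, so they can be reproduced as rules over a sandbox or EDR event stream. The following is an added example (not part of the Triage report and not Sakula's or Triage's own code) that applies those rules to a constructed event list. The event format, the dropped-file tracking, and the choice of registry keys treated as a "country code lookup" (Control Panel\International\Geo\Nation, Locale, sCountry) are assumptions made for the example; the Run-key rule covers Run and RunOnce under CurrentVersion, and self-deletion is detected when a child command line contains "del" naming the spawning process's own image.

```python
import re

# Constructed sandbox-style events for this example (assumption: these are
# not the events from the report above; field names are invented here).
# "proc" is the image path of the process that performed the action.
SAMPLE_EVENTS = [
    {"op": "RegQueryValue", "proc": r"C:\Users\u\sample.exe",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "FileWrite", "proc": r"C:\Users\u\sample.exe",
     "path": r"C:\Users\u\AppData\Roaming\svchost.exe"},
    {"op": "FileWrite", "proc": r"C:\Users\u\sample.exe",
     "path": r"C:\Users\u\AppData\Roaming\msi.dll"},
    {"op": "Process", "proc": r"C:\Users\u\sample.exe",
     "image": r"C:\Users\u\AppData\Roaming\svchost.exe",
     "cmdline": r'"C:\Users\u\AppData\Roaming\svchost.exe"'},
    {"op": "LoadImage", "proc": r"C:\Users\u\AppData\Roaming\svchost.exe",
     "path": r"C:\Users\u\AppData\Roaming\msi.dll"},
    {"op": "RegSetValue", "proc": r"C:\Users\u\AppData\Roaming\svchost.exe",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost",
     "data": r"C:\Users\u\AppData\Roaming\svchost.exe"},
    {"op": "Process", "proc": r"C:\Users\u\sample.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd /c ping 127.0.0.1 -n 3 & del "C:\Users\u\sample.exe"'},
]

# Run / RunOnce under CurrentVersion (HKCU or HKLM); RunMRU etc. must not match.
RUN_KEY = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# Registry values holding the configured country / locale (assumed set).
GEO_KEY = re.compile(
    r"\\Control Panel\\International\\(Geo\\Nation|Locale|sCountry)$", re.I)


def match_signatures(events):
    """Return the behaviour signatures triggered by an event stream, in the
    order they were first observed."""
    hits = []
    dropped = set()  # lower-cased paths of files written during the run

    def add(name):
        if name not in hits:
            hits.append(name)

    for ev in events:
        op = ev["op"]
        if op == "FileWrite":
            dropped.add(ev["path"].lower())
        elif op == "Process":
            # A process image that was written earlier in the run is a dropped EXE.
            if ev["image"].lower() in dropped:
                add("Executes dropped EXE")
            # Self-deletion: the spawning process's own image appears as a
            # "del" target in the child's command line.
            cmd = ev["cmdline"]
            if re.search(r"\bdel\b", cmd, re.I) and ev["proc"].lower() in cmd.lower():
                add("Deletes itself")
        elif op == "LoadImage":
            path = ev["path"].lower()
            if path.endswith(".dll") and path in dropped:
                add("Loads dropped DLL")
        elif op == "RegQueryValue":
            if GEO_KEY.search(ev["path"]):
                add("Checks computer location settings")
        elif op == "RegSetValue":
            if RUN_KEY.search(ev["path"]):
                add("Adds Run key to start application")
    return hits


if __name__ == "__main__":
    for sig in match_signatures(SAMPLE_EVENTS):
        print(sig)
```

The rules are intentionally behaviour-only: a Run key written by a legitimate installer triggers the persistence rule just as this sample does, so in practice these hits are scored together (as the sandbox does) rather than treated as individual verdicts.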

MITRE ATT&CK Enterprise v6

Tasks