General

  • Target

    0713a413abb066887e42b2dc4b31a8e642c73095240923461b6d2b1af4c4d1f5

  • Size

    58KB

  • Sample

    220212-mh9fkachbj

  • MD5

    a247acd3c6aba04d8306b2bfbe669f16

  • SHA1

    72719f94a499f7886c304a1f53fb7bc1d129f317

  • SHA256

    0713a413abb066887e42b2dc4b31a8e642c73095240923461b6d2b1af4c4d1f5

  • SHA512

    98323ad422cb05e4c3fbd3d1cf303651757e924891ef50cf993effe22d939ac6e884487277b8b8c302f1ea16075abab33566c52ceb6483a2645a6ce4b0581215

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
