General

  • Target

    154d6cd36c6b11cc4ac4cb7d5a7f1ce7e29b4f3be5a11c4672e9168828c7ac5f

  • Size

    36KB

  • Sample

    220212-e2syxsgac2

  • MD5

    823a94ae4dd49566f4df7b7523bb5c99

  • SHA1

    7dc0752bc195df48613710af9dd427f55a448225

  • SHA256

    154d6cd36c6b11cc4ac4cb7d5a7f1ce7e29b4f3be5a11c4672e9168828c7ac5f

  • SHA512

    e7997744eb62cb568f476bcf244035ebeaa5308d196ecb9c04ab5408cf9c9bc65d94a077d1aa41a9fd59cbf105aa6209e09fa5359699d09e3ccc444a785878b3

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks