General

  • Target

    15315ad1a1c64f20851edc4d18f7d3003e64b5fba4d53d23453af9f58b54ff71

  • Size

    92KB

  • Sample

    220212-e6nj1agad9

  • MD5

    457768975bbbc2ef2034824dde96a009

  • SHA1

    0a0e85f9231480c47f23bbc469d94176fdeed67d

  • SHA256

    15315ad1a1c64f20851edc4d18f7d3003e64b5fba4d53d23453af9f58b54ff71

  • SHA512

    afc93c82a8b366272a49b734a488c00c1f8edd789cd64b348e2b44df9301afd54379f220cbde4790a1ef56491d781bccad4d54dea0d785b11c414b689fa4f7ce

Malware Config

Targets

    • Target

      15315ad1a1c64f20851edc4d18f7d3003e64b5fba4d53d23453af9f58b54ff71


    • Sakula

      Sakula is a remote access trojan (RAT) with various capabilities; the family label comes from a match on the dropped payload, while the entries below record the behaviours observed at runtime.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check on the victim's locale.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
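
The five behaviour signatures above are all derivable from a Windows API call trace. As an added example (not part of the sandbox report, and not the sandbox's own rule engine), the script below maps a constructed trace to those signature names: it tracks which files the sample wrote, flags later execution or loading of those files, matches registry reads of the locale/country values under Control Panel\International, matches writes to Run or RunOnce keys, and flags deletion of the sample's own path. The trace lines, file names and Run value name are invented for illustration; only the SHA256-named sample file comes from the report. The Sakula family label itself is a payload signature, not a behaviour, so it is not reproduced here.

```python
"""Added example: map a Windows API call trace to the behaviour signatures
listed in the sandbox report. The trace below is constructed; it is not
output from the sandbox and the sandbox's own rules are not reproduced."""
import re
from collections import defaultdict

# Signature names exactly as the report lists them.
EXECUTES_DROPPED_EXE = "Executes dropped EXE"
CHECKS_LOCATION = "Checks computer location settings"
DELETES_ITSELF = "Deletes itself"
LOADS_DROPPED_DLL = "Loads dropped DLL"
ADDS_RUN_KEY = "Adds Run key to start application"

# Registry locations holding the configured country/locale (the geofence read).
LOCATION_KEY_RE = re.compile(r"\\Control Panel\\International(\\Geo)?$", re.IGNORECASE)
LOCATION_VALUES = {"scountry", "icountry", "nation", "localename", "name"}
# Autostart keys: Run and RunOnce under HKLM, HKCU or HKU\<SID>.
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$",
                        re.IGNORECASE)
# One call per line in the form  ApiName(arg1, arg2, ...)
CALL_RE = re.compile(r"^(?P<api>\w+)\((?P<args>.*)\)$")

# Constructed trace (hypothetical paths and names; only the SHA256-named file is real).
SAMPLE_PATH = r"C:\Users\user\Desktop\15315ad1a1c64f20851edc4d18f7d3003e64b5fba4d53d23453af9f58b54ff71.exe"
SAMPLE_TRACE = r"""
CreateFileW(C:\Users\user\AppData\Local\Temp\svchost_update.exe, GENERIC_WRITE)
CreateFileW(C:\Users\user\AppData\Local\Temp\helper.dll, GENERIC_WRITE)
RegOpenKeyExW(HKEY_CURRENT_USER, Control Panel\International)
RegQueryValueExW(HKEY_CURRENT_USER\Control Panel\International, sCountry)
LoadLibraryW(C:\Users\user\AppData\Local\Temp\helper.dll)
CreateProcessW(C:\Users\user\AppData\Local\Temp\svchost_update.exe)
RegSetValueExW(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, svchost_update, C:\Users\user\AppData\Local\Temp\svchost_update.exe)
DeleteFileW(C:\Users\user\Desktop\15315ad1a1c64f20851edc4d18f7d3003e64b5fba4d53d23453af9f58b54ff71.exe)
"""


def parse_trace(trace):
    """Yield (api_name, [args], raw_line) for each API call line; skip anything else."""
    for line in trace.splitlines():
        line = line.strip()
        m = CALL_RE.match(line)
        if not m:
            continue
        args = [a.strip() for a in m.group("args").split(", ")] if m.group("args") else []
        yield m.group("api"), args, line


def match_signatures(trace, sample_path):
    """Return {signature_name: [evidence lines]} for the behaviours seen in the trace."""
    hits = defaultdict(list)
    dropped = set()          # files the sample wrote; later use of them is "dropped" behaviour
    sample = sample_path.lower()

    for api, args, line in parse_trace(trace):
        first = args[0].lower() if args else ""
        if api in ("CreateFileW", "CreateFileA") and len(args) > 1 and "GENERIC_WRITE" in args[1]:
            dropped.add(first)
        elif api in ("CreateProcessW", "CreateProcessA") and first in dropped and first.endswith(".exe"):
            hits[EXECUTES_DROPPED_EXE].append(line)
        elif api.startswith("LoadLibrary") and first in dropped and first.endswith(".dll"):
            hits[LOADS_DROPPED_DLL].append(line)
        elif api.startswith("RegQueryValueEx") and len(args) > 1:
            if LOCATION_KEY_RE.search(args[0]) and args[1].lower() in LOCATION_VALUES:
                hits[CHECKS_LOCATION].append(line)
        elif api.startswith("RegSetValueEx") and args and RUN_KEY_RE.search(args[0]):
            hits[ADDS_RUN_KEY].append(line)
        elif api in ("DeleteFileW", "DeleteFileA") and first == sample:
            hits[DELETES_ITSELF].append(line)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_TRACE, SAMPLE_PATH).items():
        print(f"[{name}]")
        for ev in evidence:
            print("   ", ev)
```

The "dropped" bookkeeping is what separates "Executes dropped EXE" from any process creation: only files the sample itself wrote count. Likewise "Deletes itself" compares the deleted path against the sample's own path rather than flagging every DeleteFileW, which keeps ordinary temp-file cleanup out of the result. Registry reads are not visible to Sysmon, so the locale check can only be caught from an API trace or an EDR that hooks RegQueryValueEx; the Run key write, by contrast, also appears as a Sysmon Event ID 13 and is the easiest of the five to alert on in production.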

MITRE ATT&CK Enterprise v6

Tasks