General

  • Target

    15290561b5e2b4aeb5fc40d42ef33c2ed8972da1c7490e822b804c8fabee5a6f

  • Size

    101KB

  • Sample

    220212-e7ba3ahegr

  • MD5

    45f7ae75285860bdf287a4aff7fa4eef

  • SHA1

    2110001e2057213a5493d270197d80329ee917f7

  • SHA256

    15290561b5e2b4aeb5fc40d42ef33c2ed8972da1c7490e822b804c8fabee5a6f

  • SHA512

    f47d9bcf5a45927ea03098d86dea791ecb8ad9002dcc786909f67ba7bcbb001c8b62a817ff69fed0f05f63cc66bfa1217f4363af5a0729784aec970926ce6e3c

Malware Config

Targets

    • Target

      15290561b5e2b4aeb5fc40d42ef33c2ed8972da1c7490e822b804c8fabee5a6f

    • Size

      101KB

    • MD5

      45f7ae75285860bdf287a4aff7fa4eef

    • SHA1

      2110001e2057213a5493d270197d80329ee917f7

    • SHA256

      15290561b5e2b4aeb5fc40d42ef33c2ed8972da1c7490e822b804c8fabee5a6f

    • SHA512

      f47d9bcf5a45927ea03098d86dea791ecb8ad9002dcc786909f67ba7bcbb001c8b62a817ff69fed0f05f63cc66bfa1217f4363af5a0729784aec970926ce6e3c

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6