General

  • Target

    15208792120d83ef416d4fd2a33a515fe62af6c232db7796c7aa7946cc672b14

  • Size

    191KB

  • Sample

    220212-e7ptfshehm

  • MD5

    7d0c23ce5ebad7279f74898ff5485ae8

  • SHA1

    b2bf4decf6dda33e62d70bda8fff7e8fbd845a98

  • SHA256

    15208792120d83ef416d4fd2a33a515fe62af6c232db7796c7aa7946cc672b14

  • SHA512

    bf4596c5562bbbc99c9bcf11163efa7c3d2abac7e58547b21045ea1bbeafde6a72f91df100381810f3e7b67a8d085e74b141d94a4a83e8840a8d8641e1ea24ae

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
