General

  • Target: 1614fc2f05af30bcf54350577d0238aa8c1fb8226739117a67705be39f5213ad
  • Size: 60KB
  • Sample: 220212-enppcafgf4
  • MD5: 61333cc7ea5827b46ea1e5ae43ca0d36
  • SHA1: 0a3fd17046b82ba19b0c917a4d98507fea8cce0f
  • SHA256: 1614fc2f05af30bcf54350577d0238aa8c1fb8226739117a67705be39f5213ad
  • SHA512: 821caeb60db53cd77192d9fba41ca925cf3e13ac2cb7cd6e2ffb5856e2931899e648b66a2d0e936df38b5ed0d6c6050887ec68e13024c5182144bc8caf2066cf

Malware Config

Targets

    • Target: 1614fc2f05af30bcf54350577d0238aa8c1fb8226739117a67705be39f5213ad
    • Size: 60KB
    • MD5: 61333cc7ea5827b46ea1e5ae43ca0d36
    • SHA1: 0a3fd17046b82ba19b0c917a4d98507fea8cce0f
    • SHA256: 1614fc2f05af30bcf54350577d0238aa8c1fb8226739117a67705be39f5213ad
    • SHA512: 821caeb60db53cd77192d9fba41ca925cf3e13ac2cb7cd6e2ffb5856e2931899e648b66a2d0e936df38b5ed0d6c6050887ec68e13024c5182144bc8caf2066cf

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Executes dropped EXE
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    • Deletes itself
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks