General

  • Target

    15ecd5a1280d7095e100a28c61e419a265d58e42fc63c4471c9d9b1084892ae6

  • Size

    80KB

  • Sample

    220212-eqxgzahdbq

  • MD5

    78b54aa038d21d1f429ec52c20617e5f

  • SHA1

    dfbdb5fd9a2e7af085f65988278e9abc1c49585c

  • SHA256

    15ecd5a1280d7095e100a28c61e419a265d58e42fc63c4471c9d9b1084892ae6

  • SHA512

    5f6bb73400c725a84503e7186fe31c5d948d501e805c784333ac2398ff3b316360e312045640c063832926177f550ad7f7320935a39c01bb06ca7d5710049711

Malware Config

Targets

    • Target

      15ecd5a1280d7095e100a28c61e419a265d58e42fc63c4471c9d9b1084892ae6

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks