General

  • Target

    15c3a50c17a174cd6610c7d1519e40b5d8f8a34cf3a925142fdd6929c9e467d6

  • Size

    89KB

  • Sample

    220212-eth4rafhc3

  • MD5

    c4fff953e8bac82ec7abb433c5f377ec

  • SHA1

    598d9cb35e7d90f8895077c0797606f21fd36caf

  • SHA256

    15c3a50c17a174cd6610c7d1519e40b5d8f8a34cf3a925142fdd6929c9e467d6

  • SHA512

    f05b7afe3d258cc73a9576dd418b1aba08905ced36a640d071d3c978e54bbce236f493db8083ed5e47b42d6f6cf90368816b5624d8d6a330f242eb0b95e28a16

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks