General

  • Target

    15a47fcc690af040d2bafd78861dace418ada468a8006b5298a216c41be507f2

  • Size

    89KB

  • Sample

    220212-ev2x9afhd9

  • MD5

    723a2cf8e25f0b74dff1712d2b29fce0

  • SHA1

    b9ddb6c4e06751c8b360f3bd7191505b5c3e6e07

  • SHA256

    15a47fcc690af040d2bafd78861dace418ada468a8006b5298a216c41be507f2

  • SHA512

    69b3ea2b2ae55aa1d5a022145e8b9123aa8fa7efff84a9f408023281a8cb61e3c3ba2ba0a9d6d606905461cd3aa64fd2559ce210e1e550964ac05fe539def311

Malware Config

Targets

    • Target

      15a47fcc690af040d2bafd78861dace418ada468a8006b5298a216c41be507f2

    • Size

      89KB

    • MD5

      723a2cf8e25f0b74dff1712d2b29fce0

    • SHA1

      b9ddb6c4e06751c8b360f3bd7191505b5c3e6e07

    • SHA256

      15a47fcc690af040d2bafd78861dace418ada468a8006b5298a216c41be507f2

    • SHA512

      69b3ea2b2ae55aa1d5a022145e8b9123aa8fa7efff84a9f408023281a8cb61e3c3ba2ba0a9d6d606905461cd3aa64fd2559ce210e1e550964ac05fe539def311

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks