General

  • Target

    15a34270a97dbb6257f3258ff2f6d3630dabd1c7a96c4479b8b3f4880c0aa7cc

  • Size

    176KB

  • Sample

    220212-ev43lsfhe2

  • MD5

    40eeb066c34543e7c83fc09b297bb42c

  • SHA1

    6b3c6926450cd6f5335d21cb0be504aaebf7c07a

  • SHA256

    15a34270a97dbb6257f3258ff2f6d3630dabd1c7a96c4479b8b3f4880c0aa7cc

  • SHA512

    a6c2d6257e8d43573eae5d11f6bf718f74ecb61a7dd784e30c83a8b20f8e34760242c9b54ca3588597f79b0e829b1f7d8182b4d6af28624c3d9b405685961f8e
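The hash block above is only useful if it can be turned into something a tool can match against. The following is an added example, not part of the report or of the sandbox's own tooling: it parses the "General" block exactly as it appears on this page (the REPORT text is copied from the page), validates that each digest has the right length and that the Target identifier really is the SHA256, and then checks an arbitrary byte string against the full set. The field and function names are mine.

```python
"""Parse the hash block of a sandbox report and turn it into a usable IOC set.

Added example, not part of the original report: the REPORT text below is
copied from the page; the parsing and validation logic is the editor's own.
"""
import hashlib
import re

# Copied verbatim from the report's "General" section.
REPORT = """\
  • Target

    15a34270a97dbb6257f3258ff2f6d3630dabd1c7a96c4479b8b3f4880c0aa7cc

  • Size

    176KB

  • Sample

    220212-ev43lsfhe2

  • MD5

    40eeb066c34543e7c83fc09b297bb42c

  • SHA1

    6b3c6926450cd6f5335d21cb0be504aaebf7c07a

  • SHA256

    15a34270a97dbb6257f3258ff2f6d3630dabd1c7a96c4479b8b3f4880c0aa7cc

  • SHA512

    a6c2d6257e8d43573eae5d11f6bf718f74ecb61a7dd784e30c83a8b20f8e34760242c9b54ca3588597f79b0e829b1f7d8182b4d6af28624c3d9b405685961f8e
"""

# Expected hex-digit length of each digest the report lists.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HASHLIB_NAME = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}


def parse_report(text):
    """Return {field: value} for every '• Field' / value pair in the block."""
    fields = {}
    lines = [line.strip() for line in text.splitlines()]
    for i, line in enumerate(lines):
        if line.startswith("•"):
            name = line.lstrip("• ").strip()
            # The value is the first non-empty line after the bullet.
            for value in lines[i + 1:]:
                if value:
                    fields[name] = value
                    break
    return fields


def validate_hashes(fields):
    """Return a list of inconsistencies; an empty list means the block is sane."""
    problems = []
    for name, length in DIGEST_LEN.items():
        value = fields.get(name, "")
        if not re.fullmatch(r"[0-9a-f]{%d}" % length, value):
            problems.append(f"{name}: expected {length} lowercase hex digits, got {value!r}")
    # On this report the Target identifier is the SHA256; flag a mismatch.
    if fields.get("Target") != fields.get("SHA256"):
        problems.append("Target identifier does not equal SHA256")
    return problems


def digests_of(data):
    """Compute all four digests of a byte string, keyed like the report."""
    return {name: hashlib.new(alg, data).hexdigest() for name, alg in HASHLIB_NAME.items()}


def matches_ioc(data, fields):
    """True only if every digest listed in the report agrees with `data`."""
    computed = digests_of(data)
    return all(computed[name] == fields.get(name, "").lower() for name in DIGEST_LEN)


if __name__ == "__main__":
    iocs = parse_report(REPORT)
    print(iocs["SHA256"], validate_hashes(iocs) or "hashes consistent")
```

Requiring all four digests to agree is deliberate: a sample that matches only the MD5 is far more likely to be a collision or a transcription error than the same file, and the report gives you all four for free.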

Malware Config

Targets

    • Target

      15a34270a97dbb6257f3258ff2f6d3630dabd1c7a96c4479b8b3f4880c0aa7cc

    • Size

      176KB

    • MD5

      40eeb066c34543e7c83fc09b297bb42c

    • SHA1

      6b3c6926450cd6f5335d21cb0be504aaebf7c07a

    • SHA256

      15a34270a97dbb6257f3258ff2f6d3630dabd1c7a96c4479b8b3f4880c0aa7cc

    • SHA512

      a6c2d6257e8d43573eae5d11f6bf718f74ecb61a7dd784e30c83a8b20f8e34760242c9b54ca3588597f79b0e829b1f7d8182b4d6af28624c3d9b405685961f8e

    • Sakula

      Sakula is a remote access trojan that gives the operator remote control of the infected host; its typical capabilities include downloading and executing additional payloads and running commands.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry (the Windows locale settings under HKCU\Control Panel\International), most likely as a geofence so the payload only runs, or refuses to run, in particular countries.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
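The behavioural signatures above (drop and execute an EXE, load a dropped DLL, add a Run value, delete the original) are exactly the chain an endpoint sensor sees as a sequence of file, process and registry events. The following is an added example, not from the report or the sandbox vendor, showing how to map that chain onto a Sysmon-style event stream. The events are constructed to mimic Sysmon event IDs (1 process create, 7 image load, 11 file create, 13 registry value set, 23 file delete); the paths and the Run value name are invented for illustration. The "Checks computer location settings" signature is an API-level observation (a registry read) and is not visible as a Sysmon event, so it is left out.

```python
"""Map the report's behavioural signatures onto a process/file/registry event stream.

Added example, not part of the original report. EVENTS is a constructed
Sysmon-like trace; file names and registry value names are invented.
"""
import re

# Constructed trace: pid 100 drops an EXE and a DLL, runs the EXE (pid 200),
# which loads the DLL and installs a Run value; then the dropper deletes itself.
EVENTS = [
    {"id": 11, "pid": 100, "image": r"C:\Users\u\Downloads\sample.exe",
     "target": r"C:\Users\u\AppData\Roaming\svchost_update.exe"},
    {"id": 11, "pid": 100, "image": r"C:\Users\u\Downloads\sample.exe",
     "target": r"C:\Users\u\AppData\Roaming\netutil.dll"},
    {"id": 1, "pid": 200, "ppid": 100,
     "image": r"C:\Users\u\AppData\Roaming\svchost_update.exe",
     "parent_image": r"C:\Users\u\Downloads\sample.exe"},
    {"id": 7, "pid": 200, "image": r"C:\Users\u\AppData\Roaming\svchost_update.exe",
     "target": r"C:\Users\u\AppData\Roaming\netutil.dll"},
    {"id": 13, "pid": 200, "image": r"C:\Users\u\AppData\Roaming\svchost_update.exe",
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Update",
     "details": r"C:\Users\u\AppData\Roaming\svchost_update.exe"},
    {"id": 23, "pid": 100, "image": r"C:\Users\u\Downloads\sample.exe",
     "target": r"C:\Users\u\Downloads\sample.exe"},
]

# Matches both the Run and RunOnce keys under HKLM or any HKU hive.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def norm(path):
    """Windows paths are case-insensitive; compare them lower-cased."""
    return path.lower()


def detect_behaviours(events):
    """Return the set of report signatures the event stream reproduces.

    Events must be in chronological order: a file only counts as 'dropped'
    once a FileCreate (id 11) for it has been seen, so a later ProcessCreate
    or ImageLoad of that path is attributed to the dropper.
    """
    dropped = {}  # normalised path -> pid of the process that wrote it
    hits = set()
    for ev in events:
        target = norm(ev.get("target", ""))
        image = norm(ev["image"])
        if ev["id"] == 11 and target.endswith((".exe", ".dll")):
            dropped[target] = ev["pid"]
        elif ev["id"] == 1 and image in dropped:
            hits.add("Executes dropped EXE")
        elif ev["id"] == 7 and target in dropped and target.endswith(".dll"):
            hits.add("Loads dropped DLL")
        elif ev["id"] == 13 and RUN_KEY.search(ev["target"]):
            hits.add("Adds Run key to start application")
        elif ev["id"] == 23 and target == image:
            # A process removing its own executable on disk.
            hits.add("Deletes itself")
    return hits


if __name__ == "__main__":
    for sig in sorted(detect_behaviours(EVENTS)):
        print(sig)
```

Each rule on its own is noisy (installers drop and execute files, and many legitimate programs write Run values); the value is in the combination within one process tree, which is why the function tracks which process dropped each file rather than matching on file extension alone.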

MITRE ATT&CK Enterprise v6

Tasks