General

  • Target

    15a3344414adb39d6366a94d6051d2067673befee34cd973542cc17889bed738

  • Size

    36KB

  • Sample

    220212-ev67zahdgp

  • MD5

    488e414f61397eea6de7345d53a1d665

  • SHA1

    03198a5e6993cefdbad13a7f25547b13b3305971

  • SHA256

    15a3344414adb39d6366a94d6051d2067673befee34cd973542cc17889bed738

  • SHA512

    30b6ae1fe2b6503b851287360ebabf8ac5cd827114d12ef329e2ccf83167dd4743f6e2ceb769e76ee30520ffc4735c3a673c4eb0552369770177fbedb04d7e5c

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks