General

  • Target

    15a4b6c379bcd3c896d474fbc2760e23f96c3a23ad93a3e9ba4aea01758f8ac9

  • Size

    104KB

  • Sample

    220212-evz4nafhd8

  • MD5

    81d356647a59f9c07470b19d926f275a

  • SHA1

    01713cf6de30480c037f8be0279545f99900c367

  • SHA256

    15a4b6c379bcd3c896d474fbc2760e23f96c3a23ad93a3e9ba4aea01758f8ac9

  • SHA512

    933714a5212d70dc59c3a8013d7564fafeb4507cc5fc2fb51216f079b9ec04e1aebf580549eff0e6d5171f1e3b80480c5e260344a13c22d4c75265c879004f78

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks