General

  • Target

    15794af312d736e0ec89c9f7c39c219f0abe867bc10b7131f5ae9a2cf9feb390

  • Size

    58KB

  • Sample

    220212-eyks5sfhg4

  • MD5

    629d7568d5e323480598acd7f7679670

  • SHA1

    45a2b1a92c54ceac814f63890bf1de7e44349155

  • SHA256

    15794af312d736e0ec89c9f7c39c219f0abe867bc10b7131f5ae9a2cf9feb390

  • SHA512

    ec94f7414c079ea57a553974c5f0de48fbff71315fd80d33716ff4ddd26b119fcd601f6d2241cd6ced1200846fe39e319c7bf920f442f33dda60d3618ccb5943

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks