Overview

overview

10

Static

static

14cf2be24c...12.exe

windows7_x64

10

14cf2be24c...12.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    14cf2be24c452a873c90c1b8a5d511db15abdb74c5166be11fb11ea75cbe2812

  • Size

    36KB

  • Sample

    220212-fa6ldagah9

  • MD5

    def6a878a0eeb81ce0447437ff4460cb

  • SHA1

    5dff2632a06fded661e80ab6950bf8108bbafa64

  • SHA256

    14cf2be24c452a873c90c1b8a5d511db15abdb74c5166be11fb11ea75cbe2812

  • SHA512

    8e195899cd1589d415211f1ac85343df7311daf8d76c6433f29b6f65dc92deabc83f2750d3cf7f9fcd1751a7c99604c898d71a599d32cb45a167731817fce891

Score
10/10
sakulapersistencerattrojan

Malware Config

Targets

    • Target

      14cf2be24c452a873c90c1b8a5d511db15abdb74c5166be11fb11ea75cbe2812

    • Size

      36KB

    • MD5

      def6a878a0eeb81ce0447437ff4460cb

    • SHA1

      5dff2632a06fded661e80ab6950bf8108bbafa64

    • SHA256

      14cf2be24c452a873c90c1b8a5d511db15abdb74c5166be11fb11ea75cbe2812

    • SHA512

      8e195899cd1589d415211f1ac85343df7311daf8d76c6433f29b6f65dc92deabc83f2750d3cf7f9fcd1751a7c99604c898d71a599d32cb45a167731817fce891

    Score
    10/10
    sakulapersistencerattrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks