General

  • Target

    14c09b3bc43268d5756532d1445fa4b424d41c80f54f70628bcb5a0837803c2e

  • Size

    176KB

  • Sample

    220212-fb3wwagba8

  • MD5

    c34b797d0e9a7e3ce3a381088790bcfb

  • SHA1

    f7b4fe6768cdaa383f563289960b6eb7e9d9d097

  • SHA256

    14c09b3bc43268d5756532d1445fa4b424d41c80f54f70628bcb5a0837803c2e

  • SHA512

    70abc1ff75a665d98821c15f0ff13138e8f16cef51052f2d63862f3e11d8f61d00e3489b668f8265ac386926c20aa49e1b0a6c0a49f76a05847eb11239afcaa4

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks