General

  • Target

    14bbe4b24cedd4550fd8d7b11b84dcb44f138edfd42db4b3b5ca49234de7fb19

  • Size

    35KB

  • Sample

    220212-fb5qgahfdr

  • MD5

    01c89e8c1ea0bac0259c7a1fcb4b9307

  • SHA1

    621c8fe72fa03feb91fbe58454832f7ac9e33c11

  • SHA256

    14bbe4b24cedd4550fd8d7b11b84dcb44f138edfd42db4b3b5ca49234de7fb19

  • SHA512

    351c02d6be4baf7f0d9a3dec21236358f97784115df8d8880a1ff416475903e152f310082e4b8fd82d0556135a5f6ec2fcfba7b213eec98b5d48f191a4d2cbc5

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
