General

  • Target

    14a2771734b1c40cecb4cf74ac06eb1a4c89b80a61d87d0b51152d7852ba656f

  • Size

    101KB

  • Sample

    220212-fc6zxsgbb9

  • MD5

    d0fac94ca7cf83fd6ebf6cc96a2342ed

  • SHA1

    839311069e27fef062192c4ade8efbd3ac63a158

  • SHA256

    14a2771734b1c40cecb4cf74ac06eb1a4c89b80a61d87d0b51152d7852ba656f

  • SHA512

    55689dde85ee6c9b26d6f5abeb434df4d49b31d2b2e996734fe35925c5e1cb8b41dca3babd2195b1049ade576be9fb59a0117dfeb67ec6a2e9c6b22fe3c7447a

Targets

    • Target

      14a2771734b1c40cecb4cf74ac06eb1a4c89b80a61d87d0b51152d7852ba656f


    • Sakula

      Sakula is a remote access trojan (RAT) that gives its operator remote control of the infected host; the sandbox classified this sample as belonging to that family.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to (or away from) particular regions.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
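The signatures above are derived from the sandbox's behavioural trace rather than from static properties. As an added illustration (not the sandbox's own rules or code from the report), the script below re-implements those five behavioural signatures over a constructed trace. The event format, PIDs, file paths and the registry locations checked (Control Panel\International for the country code, CurrentVersion\Run for persistence) are my assumptions about how such a trace would look; the report itself lists only the resulting signature names. The self-deletion check follows the parent chain, so a `cmd /c del` spawned by the sample still counts.

```python
"""Toy re-implementation of the behavioural signatures in the report.

Everything here is constructed for illustration: the trace, the paths, the
PIDs and the registry keys are assumptions, not data from the sample.
"""
import re

# Hypothetical paths; the report does not name the dropped files.
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
DROPPED_EXE = r"C:\Users\Admin\AppData\Roaming\svc\dropped.exe"
DROPPED_DLL = r"C:\Users\Admin\AppData\Roaming\svc\dropped.dll"

# Constructed sandbox trace: (pid, api, details).
TRACE = [
    (1000, "ProcessStart", {"image": SAMPLE_EXE}),
    (1000, "RegQueryValue", {"key": r"HKCU\Control Panel\International",
                             "value": "sCountry"}),
    (1000, "FileWrite", {"path": DROPPED_EXE}),
    (1000, "FileWrite", {"path": DROPPED_DLL}),
    (1000, "RegSetValue", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                           "value": "svc", "data": DROPPED_EXE}),
    (1000, "CreateProcess", {"image": DROPPED_EXE, "child_pid": 1200}),
    (1200, "ProcessStart", {"image": DROPPED_EXE}),
    (1200, "LoadLibrary", {"path": DROPPED_DLL}),
    (1000, "CreateProcess", {"image": r"C:\Windows\System32\cmd.exe",
                             "cmdline": 'cmd /c del "%s"' % SAMPLE_EXE,
                             "child_pid": 1300}),
    (1300, "ProcessStart", {"image": r"C:\Windows\System32\cmd.exe"}),
    (1300, "DeleteFile", {"path": SAMPLE_EXE}),
]

# Registry locations assumed to carry locale / persistence settings.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International", re.IGNORECASE)
GEO_VALUES = {"scountry", "icountry", "nation", "geoid", "locale", "localename"}
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.IGNORECASE)


def _norm(path):
    """Case-fold a Windows path so comparisons are case-insensitive."""
    return path.lower()


def _lineage(pid, parent):
    """Return pid followed by its ancestors, stopping on unknown or cyclic parents."""
    seen = []
    while pid is not None and pid not in seen:
        seen.append(pid)
        pid = parent.get(pid)
    return seen


def match_signatures(trace):
    """Replay the trace once and return the set of signature names that fire."""
    images = {}      # pid -> image path of that process
    parent = {}      # child pid -> parent pid, from CreateProcess events
    dropped = set()  # files written by any traced process
    hits = set()
    for pid, api, d in trace:
        if api == "ProcessStart":
            images[pid] = _norm(d["image"])
        elif api == "FileWrite":
            dropped.add(_norm(d["path"]))
        elif api == "CreateProcess":
            parent[d["child_pid"]] = pid
            # Only counts as "dropped" if the file was written earlier in the trace.
            if _norm(d["image"]) in dropped:
                hits.add("Executes dropped EXE")
        elif api == "LoadLibrary":
            if _norm(d["path"]) in dropped:
                hits.add("Loads dropped DLL")
        elif api == "RegQueryValue":
            if GEO_KEY_RE.search(d["key"]) and d["value"].lower() in GEO_VALUES:
                hits.add("Checks computer location settings")
        elif api == "RegSetValue":
            if RUN_KEY_RE.search(d["key"]):
                hits.add("Adds Run key to start application")
        elif api == "DeleteFile":
            # Self-deletion: the deleted file is the image of the deleting
            # process or of any ancestor (covers "cmd /c del <self>").
            if _norm(d["path"]) in {images.get(p) for p in _lineage(pid, parent)}:
                hits.add("Deletes itself")
    return hits


if __name__ == "__main__":
    for name in sorted(match_signatures(TRACE)):
        print(name)
```

The order of events matters: a CreateProcess on a path that has not yet appeared in a FileWrite does not count as executing a dropped file, which is the same reason a sandbox signature of this kind needs the full trace rather than a final filesystem snapshot.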

MITRE ATT&CK Enterprise v6
