General

  • Target

    14524ae7e417319ea3ad67b155282edb3e447efd89e348d43f8f1b07982bf4ee

  • Size

    100KB

  • Sample

    220212-ffs78sgbe4

  • MD5

    5d18c003d65ac42ce7b40e0ca0efc6c0

  • SHA1

    cbb287953aca194ae5bc9318701f49507923810a

  • SHA256

    14524ae7e417319ea3ad67b155282edb3e447efd89e348d43f8f1b07982bf4ee

  • SHA512

    bec8a4b76dac1b5676d574cd6a9c0a82d487febfd958ae68e8861b1a778125ec8ff38a00d7f4b6d30b82942e7d9ecb880d549669a8574a2dda8fcce2411c41f6

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks