Overview

overview

10

Static

static

10

58560834b0...2d.exe

windows7_x64

10

58560834b0...2d.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    58560834b0a0089f012ddb201e1fdc8fd6133fd681621e70052dbb063030942d

  • Size

    89KB

  • Sample

    220121-3zbtmaebgr

  • MD5

    f8dbcfe4f826aa27724ccfd6b080b26d

  • SHA1

    24efba130f37ce6f5bdd9da13c12941422d9f3b0

  • SHA256

    58560834b0a0089f012ddb201e1fdc8fd6133fd681621e70052dbb063030942d

  • SHA512

    26348520fbe4cd73ec95fe52886f51bbb89dac20ab7895fa3180e6fc15e616ec973d7fc23d315ba8e134fe7921e23a33d104071e8401df5858d4a3d991558632

Score
10/10
sakulapersistenceratsuricatatrojan

Malware Config

Targets

    • Target

      58560834b0a0089f012ddb201e1fdc8fd6133fd681621e70052dbb063030942d

    • Size

      89KB

    • MD5

      f8dbcfe4f826aa27724ccfd6b080b26d

    • SHA1

      24efba130f37ce6f5bdd9da13c12941422d9f3b0

    • SHA256

      58560834b0a0089f012ddb201e1fdc8fd6133fd681621e70052dbb063030942d

    • SHA512

      26348520fbe4cd73ec95fe52886f51bbb89dac20ab7895fa3180e6fc15e616ec973d7fc23d315ba8e134fe7921e23a33d104071e8401df5858d4a3d991558632

    Score
    10/10
    sakulapersistenceratsuricatatrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks