Overview

overview

10

Static

static

10

ccf1dd2cd1...b6.exe

windows7_x64

10

ccf1dd2cd1...b6.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ccf1dd2cd1f266006b2e70ab613bdd007fc03018c661f575d028443055d743b6

  • Size

    89KB

  • Sample

    220122-ba9ktagcaj

  • MD5

    b4e24a4edba2d2644877cfc933973228

  • SHA1

    2abab34395c5754383dea6cf00fa7ab4c410a6ef

  • SHA256

    ccf1dd2cd1f266006b2e70ab613bdd007fc03018c661f575d028443055d743b6

  • SHA512

    3da7a0646f975c0e6c968ae888cd7b5bad2f7d4dafbd35c14a4b939e8801fa45cb6585838d80429d3fed6fd31161cd64d3b0159aefa32d39a5a4bb3931244a32

Score
10/10
sakulapersistenceratsuricatatrojan

Malware Config

Targets

    • Target

      ccf1dd2cd1f266006b2e70ab613bdd007fc03018c661f575d028443055d743b6

    • Size

      89KB

    • MD5

      b4e24a4edba2d2644877cfc933973228

    • SHA1

      2abab34395c5754383dea6cf00fa7ab4c410a6ef

    • SHA256

      ccf1dd2cd1f266006b2e70ab613bdd007fc03018c661f575d028443055d743b6

    • SHA512

      3da7a0646f975c0e6c968ae888cd7b5bad2f7d4dafbd35c14a4b939e8801fa45cb6585838d80429d3fed6fd31161cd64d3b0159aefa32d39a5a4bb3931244a32

    Score
    10/10
    sakulapersistenceratsuricatatrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks