Overview

overview

10

Static

static

10

72cf8d30db...77.exe

windows7_x64

10

72cf8d30db...77.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    72cf8d30db4d3625c158fa8d9c57187cd50fdbe31c41592fde5126f3170bd277

  • Size

    89KB

  • Sample

    220122-bl9pysggcp

  • MD5

    a33c6daba951f7c9a30d69b5e1e58af9

  • SHA1

    1513023202ef672c565f14b98c48ea79bb57e881

  • SHA256

    72cf8d30db4d3625c158fa8d9c57187cd50fdbe31c41592fde5126f3170bd277

  • SHA512

    20458f88c5735f76aa0ed95de6753acd41d7630e62cd89d0f9c9c9ea7e3e9f15d1e0dad642ff15d6ac0969ccc6393f1c6f9409d0c272de4b114a3b7c5aabf985

Score
10/10
sakulapersistenceratsuricatatrojan

Malware Config

Targets

    • Target

      72cf8d30db4d3625c158fa8d9c57187cd50fdbe31c41592fde5126f3170bd277

    • Size

      89KB

    • MD5

      a33c6daba951f7c9a30d69b5e1e58af9

    • SHA1

      1513023202ef672c565f14b98c48ea79bb57e881

    • SHA256

      72cf8d30db4d3625c158fa8d9c57187cd50fdbe31c41592fde5126f3170bd277

    • SHA512

      20458f88c5735f76aa0ed95de6753acd41d7630e62cd89d0f9c9c9ea7e3e9f15d1e0dad642ff15d6ac0969ccc6393f1c6f9409d0c272de4b114a3b7c5aabf985

    Score
    10/10
    sakulapersistenceratsuricatatrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks