Overview

overview

10

Static

static

10

2562025023...b8.exe

windows7_x64

10

2562025023...b8.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    25620250231753f08e62b21d998095572c5ab8dafe99a4a0016ebaab64593bb8

  • Size

    89KB

  • Sample

    220130-wltzqafhbl

  • MD5

    64201ec97467910e74f40140c4aaa5ce

  • SHA1

    98ebfabfae701dc7e6e7400356a5bb5a5c373ec8

  • SHA256

    25620250231753f08e62b21d998095572c5ab8dafe99a4a0016ebaab64593bb8

  • SHA512

    896017e88ce927e4784f622086e4b2f236d64e56ce9a4c70ebe2a64d137038d3a9ec9be104d16a6b963d4235682b9f57701ef900b9e0b5d23c3cf1d19273d369

Score
10/10
sakulapersistenceratsuricatatrojan

Malware Config

Targets

    • Target

      25620250231753f08e62b21d998095572c5ab8dafe99a4a0016ebaab64593bb8

    • Size

      89KB

    • MD5

      64201ec97467910e74f40140c4aaa5ce

    • SHA1

      98ebfabfae701dc7e6e7400356a5bb5a5c373ec8

    • SHA256

      25620250231753f08e62b21d998095572c5ab8dafe99a4a0016ebaab64593bb8

    • SHA512

      896017e88ce927e4784f622086e4b2f236d64e56ce9a4c70ebe2a64d137038d3a9ec9be104d16a6b963d4235682b9f57701ef900b9e0b5d23c3cf1d19273d369

    Score
    10/10
    sakulapersistenceratsuricatatrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks