sakula | 178bbd4e2c03e0398088422a4dbcc9ce2e2133a178254e8ce5c6eed51e726ce5 | Triage

Submit
Reports

Overview

overview

Static

static

178bbd4e2c...e5.exe

windows7_x64

178bbd4e2c...e5.exe

windows10-2004_x64

Sharing

General

Target

178bbd4e2c03e0398088422a4dbcc9ce2e2133a178254e8ce5c6eed51e726ce5
Size

176KB
Sample

220212-d1y8wahacq
MD5

d207063cb61319c0b975cf25265aaeac
SHA1

c0031871ec1d757838d21e61672401772ddbb3db
SHA256

178bbd4e2c03e0398088422a4dbcc9ce2e2133a178254e8ce5c6eed51e726ce5
SHA512

aaa105b1a39a6c9f17f83010229f5f6d2eb425a1b75e38f53aea49a53e9a8bc0f44b9ec52c188030b11ac60950682b0a1ae3a193396f90351d7f7039172fb946

Score

10^/10

sakula persistence rat suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

178bbd4e2c03e0398088422a4dbcc9ce2e2133a178254e8ce5c6eed51e726ce5.exe

Resource

win7-en-20211208

sakula persistence rat suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

178bbd4e2c03e0398088422a4dbcc9ce2e2133a178254e8ce5c6eed51e726ce5.exe

Resource

win10v2004-en-20220113

sakula persistence rat suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  178bbd4e2c03e0398088422a4dbcc9ce2e2133a178254e8ce5c6eed51e726ce5
- Size
  
  176KB
- MD5
  
  d207063cb61319c0b975cf25265aaeac
- SHA1
  
  c0031871ec1d757838d21e61672401772ddbb3db
- SHA256
  
  178bbd4e2c03e0398088422a4dbcc9ce2e2133a178254e8ce5c6eed51e726ce5
- SHA512
  
  aaa105b1a39a6c9f17f83010229f5f6d2eb425a1b75e38f53aea49a53e9a8bc0f44b9ec52c188030b11ac60950682b0a1ae3a193396f90351d7f7039172fb946
Score

10^/10

sakula persistence rat suricata trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- suricata: ET MALWARE SUSPICIOUS UA (iexplore)
  suricata: ET MALWARE SUSPICIOUS UA (iexplore)
  suricata
- suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
  suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistenceratsuricatatrojan

behavioral2

sakulapersistenceratsuricatatrojan

© 2018-2024

Terms | Privacy