General

  • Target

    177e703a68de3b6a4a16e6edfd872ccf19df818e576ceea44e70ca9c10284209

  • Size

    220KB

  • Sample

    220212-d2aa5shadm

  • MD5

    dc3853de9b041682bd162c573fe10b58

  • SHA1

    26271116d67b71225b9a30cd815b2df5ae3e9db4

  • SHA256

    177e703a68de3b6a4a16e6edfd872ccf19df818e576ceea44e70ca9c10284209

  • SHA512

    efe65ecd267e82b6b1e9a93ee57951d661359638cbcf04befdad1fb454d3203f194597f880f535672fed4e0b381154db9153f018731dbcc95e33b7f63efdd81d

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks