General

  • Target

    170886839f5b6494a7cb83aea4b7f7aaabf8c5c74cfaedfe0194cd7070a69ed6

  • Size

    92KB

  • Sample

    220212-d8gnsshbbl

  • MD5

    856cd3e514f29f3befd0bc6f4e4f3d9d

  • SHA1

    d3286fbebc645ca23309dc314d953925311ed661

  • SHA256

    170886839f5b6494a7cb83aea4b7f7aaabf8c5c74cfaedfe0194cd7070a69ed6

  • SHA512

    1b465bcf63e31b9d336013c6f8fe80798753290c5e30665017a4b0a8f424af2715bba44e45241ba21a4aa16e86da62bf50e329dc2dd0146c3647d4bba84badf4

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks