General

  • Target

    170705d2fef50e5956c0e20aadf9f88f5d461c7fe6c53203fce3ccf04ea805a6

  • Size

    176KB

  • Sample

    220212-d8lmrahbbp

  • MD5

    22a57765bb828e2f16f50643ac7cfb0f

  • SHA1

    4b5626d98436af5809e03b71da4461775576e572

  • SHA256

    170705d2fef50e5956c0e20aadf9f88f5d461c7fe6c53203fce3ccf04ea805a6

  • SHA512

    2c282c00c50adabf519e9008f49b45fcf1de5d6af6a09f1573ae93ad2e793a03fd77b0b87c86d8465eeaf64f331150abf47d1f97b16d1a61990f08ef36b2396c

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks