Overview

overview

10

Static

static

10

1968ea4740...99.exe

windows7_x64

10

1968ea4740...99.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1968ea4740b45f99a34703ff6797a8338fb37e38930dc2818ff211793ed76499

  • Size

    176KB

  • Sample

    220212-da2lbagfdm

  • MD5

    f709326b43405c7eb7f521d9926e9086

  • SHA1

    b257701a4a30e39ac04aaf951c8c5c85404797d1

  • SHA256

    1968ea4740b45f99a34703ff6797a8338fb37e38930dc2818ff211793ed76499

  • SHA512

    04f84d9471335f4dfc249d7e8baf6eceb9a4034fa7efdb270488b29a209bfb98349056cf9230da09742f961ee00d85149e72a6fe28868ee5e9c5170c97eb42d1

Score
10/10
sakulapersistenceratsuricatatrojan

Malware Config

Targets

    • Target

      1968ea4740b45f99a34703ff6797a8338fb37e38930dc2818ff211793ed76499

    • Size

      176KB

    • MD5

      f709326b43405c7eb7f521d9926e9086

    • SHA1

      b257701a4a30e39ac04aaf951c8c5c85404797d1

    • SHA256

      1968ea4740b45f99a34703ff6797a8338fb37e38930dc2818ff211793ed76499

    • SHA512

      04f84d9471335f4dfc249d7e8baf6eceb9a4034fa7efdb270488b29a209bfb98349056cf9230da09742f961ee00d85149e72a6fe28868ee5e9c5170c97eb42d1

    Score
    10/10
    sakulapersistenceratsuricatatrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks