General

  • Target

    19681ebb797db64147bdcddc896e1044f9a772aa07e755b6a6be2dde2aa4b2cc

  • Size

    216KB

  • Sample

    220212-da4qnsgfdn

  • MD5

    190dab06c6869e7b16e8321aa04545e7

  • SHA1

    0e2eff3575cbf70349996049559a312757a195e6

  • SHA256

    19681ebb797db64147bdcddc896e1044f9a772aa07e755b6a6be2dde2aa4b2cc

  • SHA512

    1b949def5f5a93e543cd6e30c223eb37440dd6477a6d67afbf67fad48964a5960d3327078daa03f8ee89e2a61c7a6cb26cacb72a71704f499a2aa6ef4e5877b7

Targets

    • Target

      19681ebb797db64147bdcddc896e1044f9a772aa07e755b6a6be2dde2aa4b2cc

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application