sakula | 18c0abe35667a81e4ed7a13a29567dd102e7e90b0b4c995a6af6ac0a44a83dc6 | Triage

Submit
Reports

Overview

overview

Static

static

18c0abe356...c6.exe

windows7_x64

18c0abe356...c6.exe

windows10-2004_x64

Sharing

General

Target

18c0abe35667a81e4ed7a13a29567dd102e7e90b0b4c995a6af6ac0a44a83dc6
Size

216KB
Sample

220212-djne2sggdp
MD5

5a07cc6277efe7cc6edb3b184b2a1e59
SHA1

c3ace9b7fb1310f614b98d6c0f5e96ff4bece8cb
SHA256

18c0abe35667a81e4ed7a13a29567dd102e7e90b0b4c995a6af6ac0a44a83dc6
SHA512

50e1a5ea9f3c328eed8b9065c84e3c26abfe7f2805e113eab876c70506501293c06ac6f97343b1a509ea0e457e9c1e641939b4cac55dc4213a337704b845367c

Score

10^/10

sakula persistence rat suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

18c0abe35667a81e4ed7a13a29567dd102e7e90b0b4c995a6af6ac0a44a83dc6.exe

Resource

win7-en-20211208

sakula persistence rat suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

18c0abe35667a81e4ed7a13a29567dd102e7e90b0b4c995a6af6ac0a44a83dc6.exe

Resource

win10v2004-en-20220113

sakula persistence rat suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  18c0abe35667a81e4ed7a13a29567dd102e7e90b0b4c995a6af6ac0a44a83dc6
- Size
  
  216KB
- MD5
  
  5a07cc6277efe7cc6edb3b184b2a1e59
- SHA1
  
  c3ace9b7fb1310f614b98d6c0f5e96ff4bece8cb
- SHA256
  
  18c0abe35667a81e4ed7a13a29567dd102e7e90b0b4c995a6af6ac0a44a83dc6
- SHA512
  
  50e1a5ea9f3c328eed8b9065c84e3c26abfe7f2805e113eab876c70506501293c06ac6f97343b1a509ea0e457e9c1e641939b4cac55dc4213a337704b845367c
Score

10^/10

sakula persistence rat suricata trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- suricata: ET MALWARE SUSPICIOUS UA (iexplore)
  suricata: ET MALWARE SUSPICIOUS UA (iexplore)
  suricata
- suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
  suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistenceratsuricatatrojan

behavioral2

sakulapersistenceratsuricatatrojan

© 2018-2024

Terms | Privacy