Overview

overview

10

Static

static

10

18955ac285...1a.exe

windows7_x64

10

18955ac285...1a.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    18955ac2856a845a5684aa36678f964c2278767d19129306908f846c15b26f1a

  • Size

    212KB

  • Sample

    220212-dlvxxaggfq

  • MD5

    357676eee9b4f2810c71f4e39c35e171

  • SHA1

    07f662e809d6d8d71a329c82e0d0da58915c9254

  • SHA256

    18955ac2856a845a5684aa36678f964c2278767d19129306908f846c15b26f1a

  • SHA512

    48c322dd28f31ea6bc6d7e286c82da4a4352eada22137a4e0151015a25553d221a09f0fecc134a46ecda68d9b43150168cd9bf355c590e1150f18ccea219873a

Score
10/10
sakulapersistenceratsuricatatrojan

Malware Config

Targets

    • Target

      18955ac2856a845a5684aa36678f964c2278767d19129306908f846c15b26f1a

    • Size

      212KB

    • MD5

      357676eee9b4f2810c71f4e39c35e171

    • SHA1

      07f662e809d6d8d71a329c82e0d0da58915c9254

    • SHA256

      18955ac2856a845a5684aa36678f964c2278767d19129306908f846c15b26f1a

    • SHA512

      48c322dd28f31ea6bc6d7e286c82da4a4352eada22137a4e0151015a25553d221a09f0fecc134a46ecda68d9b43150168cd9bf355c590e1150f18ccea219873a

    Score
    10/10
    sakulapersistenceratsuricatatrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks