General

  • Target

    155d51d2534dfa31ab1873e7b1df4c18378045c5be13d46375b2c74489a835de

  • Size

    176KB

  • Sample

    220212-e1h3bshedj

  • MD5

    efe2c752dd5c4033852d16e66b374771

  • SHA1

    6b54d3eafe9fd10ad962df5765abcc2db5bcdb3e

  • SHA256

    155d51d2534dfa31ab1873e7b1df4c18378045c5be13d46375b2c74489a835de

  • SHA512

    cfd170a8eb0f39347ffdca40738c6675e08dbae38aba5a824aba4551c60a405652d654d3d7a30f620167789fcabd48debfa9763516c0c1d2b25badcfcd049a07
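The four digests above identify the same 176KB file, and the "Target" value is simply its SHA-256. The script below is an added example, not part of this sandbox report or of any vendor tooling: it copies the report's indicators, sanity-checks them (hex length, lowercase, target equals SHA-256, which catches truncated or mangled copies), streams a local file through all four hash algorithms in one pass, and only calls a match when every digest agrees, so a lone MD5 collision cannot produce a false positive. The file path is supplied by the caller; treating "176KB" as a size rounded to the nearest KiB is an assumption made for the size check.

```python
"""Check a local file against the hashes and size published in this report.

Added example; not part of the sandbox report or of any vendor tooling.
The digests, size and target identifier below are copied from the report.
The file path, the hash-verification workflow, and the treatment of "176KB"
as a value rounded to the nearest KiB are assumptions made for this example.
"""
import hashlib
import sys

# Indicators copied from the "General" section of the report.
REPORT_IOCS = {
    "target": "155d51d2534dfa31ab1873e7b1df4c18378045c5be13d46375b2c74489a835de",
    "size_kb": 176,
    "md5": "efe2c752dd5c4033852d16e66b374771",
    "sha1": "6b54d3eafe9fd10ad962df5765abcc2db5bcdb3e",
    "sha256": "155d51d2534dfa31ab1873e7b1df4c18378045c5be13d46375b2c74489a835de",
    "sha512": "cfd170a8eb0f39347ffdca40738c6675e08dbae38aba5a824aba4551c60a405652d654d3d7a30f620167789fcabd48debfa9763516c0c1d2b25badcfcd049a07",
}

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_iocs(iocs=REPORT_IOCS):
    """Sanity-check the copied indicators before trusting a match.

    Returns a list of problems; an empty list means the set is consistent.
    Catches the usual copy/paste errors: truncated hashes, uppercase or
    non-hex characters, and a target identifier that is not the SHA-256.
    """
    problems = []
    for algo, length in HEX_LENGTHS.items():
        value = iocs.get(algo, "")
        if len(value) != length:
            problems.append(f"{algo}: expected {length} hex chars, got {len(value)}")
        if value != value.lower() or any(c not in "0123456789abcdef" for c in value):
            problems.append(f"{algo}: not lowercase hex")
    if iocs.get("target") != iocs.get("sha256"):
        problems.append("target identifier does not equal sha256")
    return problems


def digests(data):
    """All four report digests for an in-memory byte string."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in HEX_LENGTHS}


def digests_of_file(path, chunk_size=1 << 20):
    """Stream a file through all four hash objects at once; returns (digests, size)."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LENGTHS}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}, size


def size_matches(size_bytes, size_kb):
    """The report prints a rounded size, so compare at KiB granularity (assumption)."""
    return round(size_bytes / 1024) == size_kb


def match_report(found, size_bytes=None, iocs=REPORT_IOCS):
    """Compare computed digests (and optionally size) with the report.

    Returns per-indicator booleans plus an overall verdict. The verdict
    requires every digest to agree: an agreeing MD5 on its own is not a match.
    """
    result = {algo: found.get(algo, "").lower() == iocs[algo] for algo in HEX_LENGTHS}
    if size_bytes is not None:
        result["size"] = size_matches(size_bytes, iocs["size_kb"])
    result["verdict"] = all(result[algo] for algo in HEX_LENGTHS)
    return result


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <file>", file=sys.stderr)
        return 2
    problems = validate_iocs()
    if problems:
        print("report indicators look wrong: " + "; ".join(problems), file=sys.stderr)
        return 2
    found, size = digests_of_file(argv[1])
    report = match_report(found, size)
    for key, ok in report.items():
        print(f"{key:8} {'match' if ok else 'no match'}")
    return 0 if report["verdict"] else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python check_sample.py <file>`; exit status 0 means all four digests match the report, 1 means they do not, and 2 means the copied indicators themselves failed validation. The size check is reported but deliberately excluded from the verdict because the page only gives a rounded figure.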

Malware Config

Targets

    • Sakula

      Sakula (also tracked as Mivast, the name used in the Suricata rule below) is a remote access trojan; the behaviours observed in this run are listed below.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks