General

  • Target

    1514a81c2bfb48089b44c395addad629a73756ecc00fe01ae4af078d18044ff9

  • Size

    150KB

  • Sample

    220212-e7zcwshehr

  • MD5

    00e9fcdb6930e32f956221b629c4a1ba

  • SHA1

    31739624b0f87d4fca8d79a761cbb0d59d6370c2

  • SHA256

    1514a81c2bfb48089b44c395addad629a73756ecc00fe01ae4af078d18044ff9

  • SHA512

    0efab9d141ddeac5b9aa7a688c2580b6918a08d18e7cd8b3203a18ebb9e1d0bac7e530f4fc7a63195863cfbdc138c09e1e8f94ab2c6440dded57054b87e7834a

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks