General
-
Target
16d65a39c8b640d539450f57f0fb8b76537597ecf3f784b976a33f4d2a35e60d
-
Size
150KB
-
Sample
220212-ebmn8ahbem
-
MD5
75cb4f8b882a933ddd6f5374523e3c3a
-
SHA1
050e2475b0ec72da8e1db082a645b4f889b4095a
-
SHA256
16d65a39c8b640d539450f57f0fb8b76537597ecf3f784b976a33f4d2a35e60d
-
SHA512
a463097a0183d30e2b243d793e9b4992560faab8ae52384840ccfd10b07848d74dfe6a7cd4a82454784919f86e822f009f009a25906794e8e6dc373d68ce51cb
Static task
static1
Behavioral task
behavioral1
Sample
16d65a39c8b640d539450f57f0fb8b76537597ecf3f784b976a33f4d2a35e60d.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
16d65a39c8b640d539450f57f0fb8b76537597ecf3f784b976a33f4d2a35e60d.exe
Resource
win10v2004-en-20220112
Malware Config
Targets
-
-
Target
16d65a39c8b640d539450f57f0fb8b76537597ecf3f784b976a33f4d2a35e60d
-
Size
150KB
-
MD5
75cb4f8b882a933ddd6f5374523e3c3a
-
SHA1
050e2475b0ec72da8e1db082a645b4f889b4095a
-
SHA256
16d65a39c8b640d539450f57f0fb8b76537597ecf3f784b976a33f4d2a35e60d
-
SHA512
a463097a0183d30e2b243d793e9b4992560faab8ae52384840ccfd10b07848d74dfe6a7cd4a82454784919f86e822f009f009a25906794e8e6dc373d68ce51cb
Score10/10-
Sakula Payload
-
suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-