General

  • Target

    160c2bb60c893f48de537a96ac9b92235e2a3f57244e54d62bdc26f921ff4665

  • Size

    176KB

  • Sample

    220212-en8r8ahdal

  • MD5

    9e5647e52578d0b884887141ea007689

  • SHA1

    ff0879bbafcdc231981d5477def28a75ea1c0516

  • SHA256

    160c2bb60c893f48de537a96ac9b92235e2a3f57244e54d62bdc26f921ff4665

  • SHA512

    2ece8dd7646e88a9d69dfa2b3dab09bad0851cc6debf8b5d848818295d4d1bf68a8f1908443b2fa47f8ecdac0fea259e2e8e03be60c62b70837dce6c7f7943e1

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks