General

  • Target

    157ffa946796f8d5bf6ce129e7954e05311bf4bc115a08ba72fe1185c52e354f

  • Size

    89KB

  • Sample

    220212-ex3bsshear

  • MD5

    f31ad30e246c00a5aa1943b2d75b3bf7

  • SHA1

    30e3cc56fe0422e7e3b0031235c88bca888a6382

  • SHA256

    157ffa946796f8d5bf6ce129e7954e05311bf4bc115a08ba72fe1185c52e354f

  • SHA512

    5d5078e23bf3c99442f75e23785f6680b6b438efcca3c700b84c09e639ff5c3ca46bb0595d35fb04a8a9fc0e1ef363e0e25f79aa2fa5e6785d70aa174a2127ac

Targets

    • Target

      157ffa946796f8d5bf6ce129e7954e05311bf4bc115a08ba72fe1185c52e354f

    • Size

      89KB

    • MD5

      f31ad30e246c00a5aa1943b2d75b3bf7

    • SHA1

      30e3cc56fe0422e7e3b0031235c88bca888a6382

    • SHA256

      157ffa946796f8d5bf6ce129e7954e05311bf4bc115a08ba72fe1185c52e354f

    • SHA512

      5d5078e23bf3c99442f75e23785f6680b6b438efcca3c700b84c09e639ff5c3ca46bb0595d35fb04a8a9fc0e1ef363e0e25f79aa2fa5e6785d70aa174a2127ac

    • Sakula

      Sakula (also tracked as Mivast, as the Suricata rule name below shows) is a remote access trojan. In this run it beacons to its C2 over HTTP with a spoofed User-Agent, drops and loads a DLL, persists via a Run key and removes its original file.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to (or away from) particular locales.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
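Two of the indicators listed above can be hunted for directly: the bare "iexplore" User-Agent that the Suricata rule keys on (a real Internet Explorer sends a full "Mozilla/..." string, never just the process name), and the Run-key persistence entry. The script below is an added example, not part of the sandbox report: the proxy-style HTTP log lines and the registry export are constructed for the example, the log format and the Run-key value name "MicroMedia" are hypothetical, and the "image lives in a temp directory" heuristic is an assumption, since the report does not give the dropped path.

```python
"""Hunt for the Sakula indicators from the sandbox report over constructed data.
Added example: formats, hosts and value names below are made up for illustration."""
import re
from typing import Dict, List, Tuple

# --- Network indicator: bare "iexplore" User-Agent ---------------------------

# Constructed proxy-style HTTP log: src, dst host, method, URI, User-Agent.
SAMPLE_HTTP_LOG = """\
10.0.0.12 download.windowsupdate.com GET /v9/update.cab UA="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
10.0.0.12 203.0.113.7 POST /update.asp UA="iexplore"
10.0.0.25 www.example.org GET /index.html UA="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36"
10.0.0.12 203.0.113.7 GET /photo.asp?id=1 UA="IEXPLORE"
"""

HTTP_LINE = re.compile(r'^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+UA="([^"]*)"\s*$')
# Genuine IE identifies as "Mozilla/x.0 (...; MSIE ...)" or "Mozilla/5.0 (... Trident/...)".
# A UA that is only the process name, optionally with a version, is the anomaly.
BARE_IEXPLORE_UA = re.compile(r"^iexplore(?:/[\d.]+)?$", re.IGNORECASE)


def is_suspicious_ua(ua: str) -> bool:
    return bool(BARE_IEXPLORE_UA.match(ua.strip()))


def find_suspicious_beacons(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (src, dst, ua) for every request carrying a bare iexplore UA."""
    hits = []
    for line in log_text.splitlines():
        m = HTTP_LINE.match(line)
        if not m:
            continue  # skip lines that do not match the constructed format
        src, dst, _method, _uri, ua = m.groups()
        if is_suspicious_ua(ua):
            hits.append((src, dst, ua))
    return hits


# --- Host indicator: Run key pointing at a binary in a temp directory --------

# Constructed "reg export" of the per-user Run key. "MicroMedia" is a hypothetical
# name for the dropped EXE; the OneDrive entry is a benign AppData path that a
# naive "anything under AppData" rule would wrongly flag.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"MicroMedia"="C:\\Users\\alice\\AppData\\Local\\Temp\\MicroMedia.exe"
'''

REG_KEY = re.compile(r"^\[(.+)\]$")
REG_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXE_PATH = re.compile(r'^"?([^"]*?\.exe)', re.IGNORECASE)
TEMP_DIR = re.compile(r"\\Temp\\|%TEMP%|%TMP%", re.IGNORECASE)


def _reg_unescape(s: str) -> str:
    # .reg files escape embedded quotes as \" and backslashes as \\ .
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_run_entries(reg_text: str) -> List[Dict[str, str]]:
    """Collect name/command pairs from every ...\\Run key in a .reg export."""
    entries, current_key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        k = REG_KEY.match(line)
        if k:
            current_key = k.group(1)
            continue
        v = REG_VALUE.match(line)
        if v and current_key and current_key.lower().endswith("\\run"):
            entries.append({"key": current_key,
                            "name": _reg_unescape(v.group(1)),
                            "command": _reg_unescape(v.group(2))})
    return entries


def command_image(command: str) -> str:
    """Strip quoting and arguments, leaving the executable path."""
    m = EXE_PATH.match(command.strip())
    return m.group(1) if m else command.strip()


def flag_temp_run_entries(reg_text: str) -> List[str]:
    """Names of Run-key values whose executable lives in a temp directory."""
    return [e["name"] for e in parse_run_entries(reg_text)
            if TEMP_DIR.search(command_image(e["command"]))]


if __name__ == "__main__":
    for src, dst, ua in find_suspicious_beacons(SAMPLE_HTTP_LOG):
        print(f"suspicious UA {ua!r}: {src} -> {dst}")
    for name in flag_temp_run_entries(SAMPLE_REG_EXPORT):
        print(f"Run-key persistence from temp dir: {name}")
```

Both checks are deliberately narrow: the UA match requires the whole header to be the process name, and the persistence check keys on temp directories rather than all of AppData, so the benign OneDrive entry in the sample export is not reported. Swap in your own proxy and `reg export` output to run it against real data.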
