General

  • Target

    15815935b568251bd36a7a047ffa7bda410dba4127d50d30ae17af9f5f9b24e7

  • Size

    216KB

  • Sample

    220212-exycvaheap

  • MD5

    23af8581638a298c90462d18d0e65d30

  • SHA1

    57b5415543aa551ab93a7572b4b348eccf69fb51

  • SHA256

    15815935b568251bd36a7a047ffa7bda410dba4127d50d30ae17af9f5f9b24e7

  • SHA512

    402aaf3b29f09c498fcdc4a950e40377cb516633d15169c8b10a60d377ec60ea5c4bc52c609a893d5228b382b9be038ef91fb2b725d7d4911ef9b68caed136ad

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks