General

  • Target

    12837d0eef0051c204551e00dbd7de0abddb390c480fb423cd4806dfadd5c41d

  • Size

    216KB

  • Sample

    220212-f7lx8sabbj

  • MD5

    c9e9350dc5f7a16284b3c9249674da44

  • SHA1

    c0e068dfeaa1db243356ed8e24c487a99a8aa6c7

  • SHA256

    12837d0eef0051c204551e00dbd7de0abddb390c480fb423cd4806dfadd5c41d

  • SHA512

    b8727566ed6891b5dd1351116e16cce1234d9111f64af36657ee80d74424a63197ffb6f93c3d036d8e2ce4be765be9951a622d19c18dd5b2bdf65e250fc0d344

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks