General

  • Target

    13f78839c5c9b4a66175133f569fdb5385e35ccf35e3eff641fe509f307882de

  • Size

    89KB

  • Sample

    220212-flp3rshgfp

  • MD5

    dd24df840cd4e63c67a3717f554eb44e

  • SHA1

    513e20711a13d4009fdf2e0b0935ea106fd76717

  • SHA256

    13f78839c5c9b4a66175133f569fdb5385e35ccf35e3eff641fe509f307882de

  • SHA512

    3560545fe77c377d9149462e4fcd83c050b3b38f5a862ab5b177d60b33492af34633ec514d02b5e3a758568a38a238739532cca9eba55eff81b909f031ee1f29

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks