General

  • Target

    13f4616bdf67878ce750b9197cb23e11faab960be4bb7709670b8526d08c0542

  • Size

    216KB

  • Sample

    220212-flw63shgfr

  • MD5

    b7d9e458b84d9baa70dacef07a1e3834

  • SHA1

    aa41f121584cc837fc7d003b92255eeffe52df9f

  • SHA256

    13f4616bdf67878ce750b9197cb23e11faab960be4bb7709670b8526d08c0542

  • SHA512

    14bb15b64cfd8b81e8632d88c9ba2c3c3369cdb23406aca4782466cd77cabdbfb6419b8de80558d13994fc393ba1a84b419553ded9859673578721f52e60cfa4

Malware Config

Targets

    • Target

      13f4616bdf67878ce750b9197cb23e11faab960be4bb7709670b8526d08c0542

    • Size

      216KB

    • MD5

      b7d9e458b84d9baa70dacef07a1e3834

    • SHA1

      aa41f121584cc837fc7d003b92255eeffe52df9f

    • SHA256

      13f4616bdf67878ce750b9197cb23e11faab960be4bb7709670b8526d08c0542

    • SHA512

      14bb15b64cfd8b81e8632d88c9ba2c3c3369cdb23406aca4782466cd77cabdbfb6419b8de80558d13994fc393ba1a84b419553ded9859673578721f52e60cfa4

    • Sakula

      Sakula (also tracked as Sakurel; the Suricata rule below pairs it with Mivast) is a remote access trojan that beacons to its command-and-control server over HTTP; the two network signatures below correspond to that beacon and to the spoofed "iexplore" User-Agent it sends.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to (or away from) particular regions.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
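The following is an added example and is not part of the Triage report nor code belonging to the sample or to Sakula. It shows how a responder might use the data above: check a file on disk against every digest the report lists, flag an HTTP request that carries the bare "iexplore" User-Agent the first Suricata signature refers to, and replay sandbox- or EDR-style events to see whether they reproduce the behaviour tags listed (dropped EXE executed, dropped DLL loaded, Run key added, country code queried, self-deletion). The event records, their field names and the registry paths the matcher looks for are constructed assumptions for illustration, not values observed for this sample or Triage's schema, and the User-Agent check is a plain equality test rather than a reproduction of the Emerging Threats rule body.

```python
"""Triage helper (added example; not from the report, the sample, or Sakula).

Assumptions, not facts from the report: the event field names, the registry
paths that represent persistence and geofencing, and the exact text the ET
'SUSPICIOUS UA (iexplore)' rule matches.
"""
import hashlib
import re
from typing import Dict, Iterable, List

# Digests copied from the report above.
REPORTED_HASHES: Dict[str, str] = {
    "md5": "b7d9e458b84d9baa70dacef07a1e3834",
    "sha1": "aa41f121584cc837fc7d003b92255eeffe52df9f",
    "sha256": "13f4616bdf67878ce750b9197cb23e11faab960be4bb7709670b8526d08c0542",
    "sha512": "14bb15b64cfd8b81e8632d88c9ba2c3c3369cdb23406aca4782466cd77cabdbfb"
              "6419b8de80558d13994fc393ba1a84b419553ded9859673578721f52e60cfa4",
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute every digest the report lists for the given file contents."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED_HASHES}


def matches_report(data: bytes) -> List[str]:
    """Algorithms whose digest equals the reported value (empty list = no match)."""
    computed = hash_bytes(data)
    return [n for n, d in computed.items() if d == REPORTED_HASHES[n]]


def suspicious_iexplore_ua(request: bytes) -> bool:
    """True when the User-Agent header is exactly 'iexplore' (assumed rule intent)."""
    for line in request.split(b"\r\n"):
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"user-agent":
            return value.strip().lower() == b"iexplore"
    return False


# Assumed registry locations (not taken from the report).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
GEO_KEY = re.compile(r"\\(Control Panel\\International\\Geo\\Nation|Control\\Nls\\Locale)$", re.I)
# cmd.exe invoked with del/erase is the usual Windows self-deletion pattern.
SELF_DELETE = re.compile(r"\bcmd(?:\.exe)?\b.*\b(?:del|erase)\b", re.I)


def score_events(events: Iterable[dict]) -> List[str]:
    """Map process/file/registry events onto the report's behaviour tags."""
    events = list(events)
    # Pass 1: every path the sample wrote is a candidate "dropped" file.
    dropped = {e["path"].lower() for e in events if e["type"] == "file_write"}
    hits = set()
    for e in events:
        kind = e["type"]
        if kind == "process":
            image = e["image"].lower()
            cmdline = e.get("cmdline", "")
            parent = e.get("parent_image", "").lower()
            if image in dropped:
                hits.add("Executes dropped EXE")
            # Self-deletion: a cmd.exe del whose target is the parent's own image.
            if SELF_DELETE.search(cmdline) and parent and parent in cmdline.lower():
                hits.add("Deletes itself")
        elif kind == "image_load" and e["image"].lower() in dropped:
            hits.add("Loads dropped DLL")
        elif kind == "registry":
            if e.get("op") == "set" and RUN_KEY.search(e["key"]):
                hits.add("Adds Run key to start application")
            if e.get("op") == "query" and GEO_KEY.search(e["key"]):
                hits.add("Checks computer location settings")
    return sorted(hits)


# Constructed events: what a trace matching the report's tags could look like.
_TMP = r"C:\Users\Admin\AppData\Local\Temp"
CONSTRUCTED_EVENTS = [
    {"type": "file_write", "pid": 1000, "path": _TMP + r"\svc.exe"},
    {"type": "file_write", "pid": 1000, "path": _TMP + r"\helper.dll"},
    {"type": "process", "pid": 2000, "image": _TMP + r"\svc.exe",
     "cmdline": _TMP + r"\svc.exe", "parent_image": _TMP + r"\sample.exe"},
    {"type": "image_load", "pid": 2000, "image": _TMP + r"\helper.dll"},
    {"type": "registry", "pid": 2000, "op": "set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"type": "registry", "pid": 2000, "op": "query",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "process", "pid": 2001, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'cmd.exe /c del "' + _TMP + r'\sample.exe"',
     "parent_image": _TMP + r"\sample.exe"},
]
# Constructed beacon request with the bare User-Agent the signature name refers to.
CONSTRUCTED_REQUEST = b"GET /index.php HTTP/1.1\r\nHost: example.invalid\r\nUser-Agent: iexplore\r\n\r\n"

if __name__ == "__main__":
    print(matches_report(b"not the real sample"))
    print(suspicious_iexplore_ua(CONSTRUCTED_REQUEST))
    print(score_events(CONSTRUCTED_EVENTS))
```

To use it on a real artefact, read the file's bytes and pass them to `matches_report`; a non-empty result ties the file to this report without relying on a single weak digest such as MD5. The event matcher deliberately requires two passes so that "dropped" is defined by what the sample wrote before any execution or load is credited to it.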

MITRE ATT&CK Enterprise v6

Tasks