General

  • Target

    13ec0d650792afd673ca20d89ef072456033b4dbd4b07e422017b9bbdaa6d80a

  • Size

    92KB

  • Sample

    220212-fmch3ahggm

  • MD5

    53ee115d935f47012654d3a4a99d724a

  • SHA1

    7ab3731d2319854842d52ceb519ca03e244398a9

  • SHA256

    13ec0d650792afd673ca20d89ef072456033b4dbd4b07e422017b9bbdaa6d80a

  • SHA512

    73c4e95a0b29f5c580ee76141e41acb97b8a5ba92f06b89cae3f1ecd069a1a03f07402aa9a08a5568cf3a8ce91cb742d4e25ac30f309a52add7f2a62d34542eb

Malware Config

Targets

    • Target

      13ec0d650792afd673ca20d89ef072456033b4dbd4b07e422017b9bbdaa6d80a

    • Size

      92KB

    • MD5

      53ee115d935f47012654d3a4a99d724a

    • SHA1

      7ab3731d2319854842d52ceb519ca03e244398a9

    • SHA256

      13ec0d650792afd673ca20d89ef072456033b4dbd4b07e422017b9bbdaa6d80a

    • SHA512

      73c4e95a0b29f5c580ee76141e41acb97b8a5ba92f06b89cae3f1ecd069a1a03f07402aa9a08a5568cf3a8ce91cb742d4e25ac30f309a52add7f2a62d34542eb

    • Sakula

      Sakula (also tracked as Mivast, the alias used in the Suricata signature below) is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
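
The behaviour labels above are the sandbox's own signature names and carry no detail about the events behind them. The following is an added example, not code from the sandbox or from this report: it replays a constructed, hypothetical event stream (file writes, process creation, image loads, registry access, one HTTP request, one file deletion) through simple rules named after those labels, so a reader can see what each signature implies in terms of observable events. The event schema, every path, the drop location, the locale registry key used for "Checks computer location settings" and the bare-executable-name User-Agent test are assumptions for illustration; the ET Suricata rule itself is not reproduced.

```python
"""Added example: classify constructed sandbox-style events with behaviour
rules named after the signatures in the report. Not the sandbox's engine;
paths, event fields and rule logic are illustrative assumptions."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Event:
    kind: str          # FileCreate, ProcessCreate, ImageLoad, RegistryQuery,
                       # RegistryValueSet, FileDelete, HttpRequest (assumed schema)
    image: str         # process that produced the event
    target: str        # file path, registry path, loaded image or URL
    details: str = ""  # command line, value data or User-Agent header


RUN_KEYS = (r"\software\microsoft\windows\currentversion\run",
            r"\software\microsoft\windows\currentversion\runonce")
# Assumption: "computer location settings" means reads of the per-user locale
# values (sCountry, iCountry, Locale) under HKCU\Control Panel\International.
LOCALE_KEY = r"\control panel\international"
# Assumption: a User-Agent that is just a browser executable name, as the ET
# signature title suggests for "iexplore". This is not the ET rule itself.
SUSPICIOUS_UA = ("iexplore",)


def classify(sample: str, events: list[Event]) -> list[str]:
    """Return the sorted behaviour labels triggered by an ordered event stream."""
    sample_l = sample.lower()
    dropped: set[str] = set()   # files written by the sample or its children
    hits: set[str] = set()
    for e in events:
        target = e.target.lower()
        if e.kind == "FileCreate":
            dropped.add(target)
        elif e.kind == "ProcessCreate" and target in dropped:
            hits.add("Executes dropped EXE")
        elif e.kind == "ImageLoad" and target in dropped and target.endswith(".dll"):
            hits.add("Loads dropped DLL")
        elif e.kind == "RegistryQuery" and LOCALE_KEY in target:
            hits.add("Checks computer location settings")
        elif e.kind == "RegistryValueSet" and any(k in target for k in RUN_KEYS):
            hits.add("Adds Run key to start application")
        elif e.kind == "FileDelete" and target == sample_l:
            # Keyed on the original sample path, whichever process deletes it
            # (self-deletion is usually delegated to cmd.exe /c del).
            hits.add("Deletes itself")
        elif e.kind == "HttpRequest" and e.details.strip().lower() in SUSPICIOUS_UA:
            hits.add("suricata: ET MALWARE SUSPICIOUS UA (iexplore)")
    return sorted(hits)


# Constructed event stream (hypothetical paths; 198.51.100.0/24 is a
# documentation range). Not the sandbox's real trace.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\13ec0d650792afd673ca20d89ef072456033b4dbd4b07e422017b9bbdaa6d80a.exe")
DROP_EXE = r"C:\Users\Admin\AppData\Local\Temp\update\update.exe"
DROP_DLL = r"C:\Users\Admin\AppData\Local\Temp\update\update.dll"
EVENTS = [
    Event("FileCreate", SAMPLE, DROP_EXE),
    Event("FileCreate", SAMPLE, DROP_DLL),
    Event("ProcessCreate", SAMPLE, DROP_EXE, DROP_EXE),
    Event("ImageLoad", DROP_EXE, DROP_DLL),
    Event("RegistryQuery", DROP_EXE, r"HKCU\Control Panel\International\sCountry"),
    Event("RegistryValueSet", DROP_EXE,
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\update", DROP_EXE),
    Event("HttpRequest", DROP_EXE, "http://198.51.100.10/index.asp", "iexplore"),
    Event("ProcessCreate", SAMPLE, r"C:\Windows\System32\cmd.exe",
          f'cmd.exe /c del "{SAMPLE}"'),
    Event("FileDelete", r"C:\Windows\System32\cmd.exe", SAMPLE),
]

if __name__ == "__main__":
    for label in classify(SAMPLE, EVENTS):
        print(label)
```

Two design points worth noting. The dropped-file set is built in event order, so a ProcessCreate or ImageLoad of a path is only counted once a FileCreate for that path has been seen; feeding the events out of order would lose the "dropped" hits. The self-delete rule deliberately ignores which process performed the deletion and matches only the original sample path, because a running image cannot normally unlink itself on Windows and the deletion is delegated to a child process.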

MITRE ATT&CK Enterprise v6

Tasks