General

  • Target

    13db23b9e09bdf3569a47388da29f72d906ca1d3f21884dcf5a6d05353620949

  • Size

    92KB

  • Sample

    220212-fnf8mshhaj

  • MD5

    e5afb850ecec66883c88fd0df0932bba

  • SHA1

    6d89142d7b763fc510ed32d9814acf0243ab647d

  • SHA256

    13db23b9e09bdf3569a47388da29f72d906ca1d3f21884dcf5a6d05353620949

  • SHA512

    6ef566c6ca257ac6712907e8b3be0818e70c065e638bbf584c847da5e0393e5fe4bf574bf17ed2ba39252e5b3dd8acbc75579120b484477cfc5ac1b5939e1f27

Malware Config

Targets

    • Target

      13db23b9e09bdf3569a47388da29f72d906ca1d3f21884dcf5a6d05353620949

    • Size

      92KB

    • MD5

      e5afb850ecec66883c88fd0df0932bba

    • SHA1

      6d89142d7b763fc510ed32d9814acf0243ab647d

    • SHA256

      13db23b9e09bdf3569a47388da29f72d906ca1d3f21884dcf5a6d05353620949

    • SHA512

      6ef566c6ca257ac6712907e8b3be0818e70c065e638bbf584c847da5e0393e5fe4bf574bf17ed2ba39252e5b3dd8acbc75579120b484477cfc5ac1b5939e1f27

    • Sakula

      Sakula (also tracked as Mivast, the name used in the Suricata rule below) is a Windows remote access trojan. The behaviours recorded for this sample are consistent with that family: persistence through a Run key, execution of dropped components, self-deletion of the original file, and an HTTP command-and-control beacon that matched the Emerging Threats signatures listed here.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      Network traffic from the sample matched this Emerging Threats rule, which flags HTTP requests whose User-Agent header is the bare string "iexplore" rather than a real browser User-Agent; it is a generic indicator shared by several malware families, not specific to Sakula.

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      Network traffic also matched this family-specific Emerging Threats rule, which covers the first of several known Sakula/Mivast command-and-control beacon patterns. Together the two alerts indicate the sample made an HTTP beacon to its C2 during the analysis run.

    • Executes dropped EXE

      Starts a process from an executable the sample itself wrote to disk.

    • Checks computer location settings

      Reads the country code configured in the registry (the system locale or geographic settings), most likely to decide whether to run based on the victim's location (geofencing).

    • Deletes itself

      Removes its own original executable after running, a common anti-forensics step that leaves only the dropped components on disk.

    • Loads dropped DLL

      Loads a DLL that the sample wrote to disk, rather than a library already present on the system.

    • Adds Run key to start application

      Writes a value under a ...\CurrentVersion\Run registry key so the dropped component is launched again at logon.
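
The behaviours above are the sandbox's labels, not the logic that produced them. The following Python script is an added example, not part of this report or of the sandbox that generated it. It does two things a practitioner would want when triaging this page: it computes the four digests listed above for a candidate file and reports which ones match this sample, and it reduces a constructed, simplified event log (registry reads and writes, file writes and deletes, process starts, image loads, HTTP requests) to the same behaviour labels the report uses. The event format, the registry key patterns used for the geofence and Run-key checks, the treatment of a bare "iexplore" User-Agent, and the sample path are all assumptions made for the example and do not reproduce the sandbox's or the Emerging Threats rules' actual matching logic.

```python
import hashlib
import re

# Hashes copied from the report above. The sample file itself is not included here.
REPORT_HASHES = {
    "md5": "e5afb850ecec66883c88fd0df0932bba",
    "sha1": "6d89142d7b763fc510ed32d9814acf0243ab647d",
    "sha256": "13db23b9e09bdf3569a47388da29f72d906ca1d3f21884dcf5a6d05353620949",
    "sha512": "6ef566c6ca257ac6712907e8b3be0818e70c065e638bbf584c847da5e0393e5f"
              "e4bf574bf17ed2ba39252e5b3dd8acbc75579120b484477cfc5ac1b5939e1f27",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, for a candidate file's bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def matching_digests(digests: dict) -> list:
    """Return the digest names that match this report's sample (empty = not this sample)."""
    return [name for name, value in digests.items()
            if REPORT_HASHES.get(name) == value.lower()]


# Assumed registry key patterns (example choices, not the sandbox's rule definitions).
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
GEO_KEY = re.compile(r"International\\Geo\\Nation|\\Nls\\", re.IGNORECASE)
UA_RE = re.compile(r'UA="([^"]*)"')


def classify_events(lines, sample_path: str) -> set:
    """Map simplified sandbox events ("KIND detail" per line) to the report's behaviour labels."""
    labels = set()
    dropped = set()  # paths the sample wrote, so later starts/loads count as "dropped"
    for line in lines:
        line = line.strip()
        if not line:
            continue
        kind, _, rest = line.partition(" ")
        if kind == "FILE_WRITE":
            dropped.add(rest.lower())
        elif kind == "FILE_DELETE" and rest.lower() == sample_path.lower():
            labels.add("Deletes itself")
        elif kind == "PROC_START" and rest.lower() in dropped:
            labels.add("Executes dropped EXE")
        elif kind == "IMAGE_LOAD" and rest.lower() in dropped:
            labels.add("Loads dropped DLL")
        elif kind == "REG_READ" and GEO_KEY.search(rest):
            labels.add("Checks computer location settings")
        elif kind == "REG_WRITE" and RUN_KEY.search(rest):
            labels.add("Adds Run key to start application")
        elif kind == "HTTP_REQUEST":
            match = UA_RE.search(rest)
            # Assumption: a User-Agent that is exactly "iexplore" is what the ET rule targets.
            if match and match.group(1).strip().lower() == "iexplore":
                labels.add("suricata: ET MALWARE SUSPICIOUS UA (iexplore)")
    return labels


# Constructed event log for the example; paths and C2 host are invented.
SAMPLE_PATH = r"C:\Users\victim\AppData\Local\Temp\sample.exe"
CONSTRUCTED_EVENTS = r"""
REG_READ HKCU\Control Panel\International\Geo\Nation
FILE_WRITE C:\Users\victim\AppData\Roaming\svc.exe
FILE_WRITE C:\Users\victim\AppData\Roaming\helper.dll
PROC_START C:\Users\victim\AppData\Roaming\svc.exe
IMAGE_LOAD C:\Users\victim\AppData\Roaming\helper.dll
REG_WRITE HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc = C:\Users\victim\AppData\Roaming\svc.exe
HTTP_REQUEST GET http://c2.invalid/ UA="iexplore"
FILE_DELETE C:\Users\victim\AppData\Local\Temp\sample.exe
""".strip().splitlines()


if __name__ == "__main__":
    print("digest matches for constructed bytes:",
          matching_digests(hash_bytes(b"constructed bytes")))
    for label in sorted(classify_events(CONSTRUCTED_EVENTS, SAMPLE_PATH)):
        print("behaviour:", label)
```

To use it on a real file, read its bytes and pass them to `hash_bytes`; a match on any one digest identifies this sample, and a mismatch on all four means the report above does not describe the file in hand. The event classifier is deliberately stateful only for dropped files, which is the minimum needed to distinguish "executes dropped EXE" from starting an existing binary.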

MITRE ATT&CK Enterprise v6

Tasks