General

  • Target

    13ca75184838275250099e6f3db02827af487fff6133a612a23c78801ea5715a

  • Size

    150KB

  • Sample

    220212-fpsytshhbl

  • MD5

    fb99fda95031b6d2f2eb635305eb0436

  • SHA1

    75108531565a57639732b6c859c58e3b40ab9c04

  • SHA256

    13ca75184838275250099e6f3db02827af487fff6133a612a23c78801ea5715a

  • SHA512

    5c21b888aca2d7baf531c310892792fecd7721dba4bee454fb0519ff3f55a7fb54ceffd0a020d7407cf950873f362fcc4141e20e6f9c81ec53c9cf988c10838f

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks