General

  • Target

    1365540841658811df52455d245e04350775d077b92dcf235dd32828a59899d7

  • Size

    92KB

  • Sample

    220212-fwae3ahhhk

  • MD5

    cf58bdfe6de9fae3d3f3ad754cf9a140

  • SHA1

    cd33d62005886294e74915dbe97454491cb23783

  • SHA256

    1365540841658811df52455d245e04350775d077b92dcf235dd32828a59899d7

  • SHA512

    a6956f8daa32043003bc07bd2a86331e7e65b85b6149abab2838d7350fc572471061d265bb7d30cd71cffeede3026a3f2017dcac6bddb62dfc57fc7dadf2088e

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks