General

  • Target

    134a3572ed5f9092019c286f397773893fea25d1b14eab36ed340e89fc6ecedf

  • Size

    89KB

  • Sample

    220212-fxndbaaaal

  • MD5

    d0c0d9ae6bac77feddb379c8c6a175c6

  • SHA1

    b45f96eb0af4fe29847f3b03bbc4cbfcbdfa29e5

  • SHA256

    134a3572ed5f9092019c286f397773893fea25d1b14eab36ed340e89fc6ecedf

  • SHA512

    0996c3590dd557578437e19c61292914c7806b08d80480f9c5ac249adece7398c2762b6fcaeb6bcd25dfc9beff193f1b4407d811924d45424290fed217277584

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks