General

  • Target

    105fab141bc767ad10744f5407d2c37def68b35c245fb85ef88861759bb3972f

  • Size

    116KB

  • Sample

    220212-g2egmsaedq

  • MD5

    d69d76cecbf913c87305c75a223fabd3

  • SHA1

    4dbb27e0ac09a4b4a4154b7195ed0fa5d2d50173

  • SHA256

    105fab141bc767ad10744f5407d2c37def68b35c245fb85ef88861759bb3972f

  • SHA512

    ea338a07d667da62832edf483a1bd2af6725c8ff2afa213764e3bba2fae4e0073b881a92b13819e0f779a300d13f6afc8b30407f72352405609ef32ff5613d37

Malware Config

Targets

    • Sakula

      Sakula (also tracked as Sakurel and Mivast) is a Windows remote access trojan that has been used in targeted intrusions. It talks to its controller over HTTP and can download and execute additional files on the victim; the network signatures and behaviours listed below are consistent with that profile.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      Fires on an HTTP request whose User-Agent header is the bare token "iexplore". No real browser sends that value; Sakula is known to hard-code it, so on its own this alert is a strong lead even before the family-specific rule fires.

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      Matches the structure of Sakula's check-in to its command-and-control server. Together with the User-Agent alert it attributes the traffic to this family rather than to a generic suspicious client.

    • Executes dropped EXE

      The sample writes a second executable to disk and runs it; the dropped file is the stage worth recovering from the sandbox for further analysis.

    • Checks computer location settings

      Queries the country or locale code stored in the registry, a common geofencing check used to avoid running outside the intended target region.

    • Deletes itself

      The original dropper removes its own file after staging the payload, so the file hashed above may no longer be present on an infected host.

    • Loads dropped DLL

      A DLL written by the sample is loaded into a process; look for it alongside the dropped EXE when collecting artefacts.

    • Adds Run key to start application

      Persistence via a value under Software\Microsoft\Windows\CurrentVersion\Run, so the payload is started again at each logon. Run-key values pointing at recently written executables are the quickest host-side pivot for this sample.
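As an added hunting example, not part of the sandbox report: the ET alert above keys on a User-Agent value that is literally "iexplore". The script below applies the same test to a Zeek-style http.log so the network indicator can be checked retrospectively across a proxy or sensor archive. The log lines are constructed for this example; the field names follow Zeek's default http.log layout, and the exact-match test is my approximation of the Suricata rule, not the rule's own content.

```python
"""Hunt Zeek http.log records for the bare 'iexplore' User-Agent used by Sakula."""
from dataclasses import dataclass
from typing import Dict, Iterator, List, Set

# Constructed sample input, shaped like a Zeek http.log (tab-separated, with a
# '#fields' header). Hosts, IPs and URIs are made up for the example.
SAMPLE_HTTP_LOG = """#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tmethod\thost\turi\tuser_agent
1644667201.123\tCabc1\t10.0.0.5\t49211\t203.0.113.10\t80\tGET\tupdate.example\t/news.asp\tiexplore
1644667202.456\tCabc2\t10.0.0.5\t49212\t93.184.216.34\t80\tGET\texample.com\t/\tMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
1644667203.789\tCabc3\t10.0.0.7\t49300\t198.51.100.20\t80\tPOST\tcdn.example\t/photo/view.asp\tiexplore
1644667204.000\tCabc4\t10.0.0.9\t49400\t198.51.100.21\t80\tGET\tfoo.example\t/\tMozilla/4.0 (compatible; MSIE 8.0; iexplore)
#close\t2022-02-12-10-00-05
"""

# The indicator from the ET "SUSPICIOUS UA (iexplore)" alert: the whole header
# value is this one token. Substring matching would also catch legitimate MSIE
# strings that merely contain the word, so the check is an exact comparison.
SUSPICIOUS_UA = "iexplore"


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    host: str
    uri: str
    user_agent: str


def parse_zeek_http(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per record, using the '#fields' header for column names."""
    fields = None
    for raw in text.splitlines():
        if not raw:
            continue
        if raw.startswith("#fields"):
            fields = raw.split("\t")[1:]
            continue
        if raw.startswith("#"):          # #separator, #open, #close, ...
            continue
        if fields is None:
            raise ValueError("data record seen before #fields header")
        values = raw.split("\t")
        if len(values) != len(fields):   # skip malformed rows instead of crashing
            continue
        yield dict(zip(fields, values))


def is_bare_iexplore_ua(user_agent: str) -> bool:
    """True only when the User-Agent is exactly the bare 'iexplore' token."""
    return user_agent.strip() == SUSPICIOUS_UA


def hunt_iexplore_ua(text: str) -> List[Hit]:
    """Return every http.log record whose User-Agent matches the indicator."""
    hits: List[Hit] = []
    for rec in parse_zeek_http(text):
        ua = rec.get("user_agent", "-")
        if is_bare_iexplore_ua(ua):
            hits.append(Hit(rec["ts"], rec["id.orig_h"], rec["id.resp_h"],
                            rec.get("host", "-"), rec.get("uri", "-"), ua))
    return hits


def beaconing_summary(hits: List[Hit]) -> Dict[str, Set[str]]:
    """Map each internal source to the set of servers it beaconed to.

    A single source talking to one or two external hosts with this UA is the
    pivot point for host triage (Run keys, dropped EXE/DLL on that machine).
    """
    summary: Dict[str, Set[str]] = {}
    for h in hits:
        summary.setdefault(h.src, set()).add(h.dst)
    return summary


if __name__ == "__main__":
    found = hunt_iexplore_ua(SAMPLE_HTTP_LOG)
    for h in found:
        print(f"{h.ts} {h.src} -> {h.dst} {h.host}{h.uri} UA={h.user_agent!r}")
    for src, dsts in beaconing_summary(found).items():
        print(f"pivot host {src}: C2 candidates {sorted(dsts)}")
```

Two of the four constructed records match; the Mozilla/4.0 line that merely contains "iexplore" inside a normal MSIE string is correctly left alone. Feed a real http.log through `hunt_iexplore_ua` and use the sources in `beaconing_summary` as the machines to check for the Run-key and dropped-file artefacts listed above.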
