General

  • Target

    103150b93e8d7f0c7dd212dd20cc270ddcf332d0fcfbd7a7ba37d13553ac2ed6

  • Size

    216KB

  • Sample

    220212-g48hhaaegm

  • MD5

    907953f694d2d408e0fb79e9194fc1f3

  • SHA1

    c5b904d2e2d85b5ebb8fde6d872a08e34b48f6be

  • SHA256

    103150b93e8d7f0c7dd212dd20cc270ddcf332d0fcfbd7a7ba37d13553ac2ed6

  • SHA512

    baf7013a5a938b8cc6697e99716a1df201bb871bdaa039500f03b685a7584ab893e00571b3a0ba92cd58e01d0e1c3eca392eb554941620cbf53bf5d5ff65f5d0

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks