Overview

overview

10

Static

static

10

1038f77839...64.exe

windows7_x64

10

1038f77839...64.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1038f778396195e43be4ab047dad4eccbe02daa2a78f14090f9ed8dc46379b64

  • Size

    200KB

  • Sample

    220212-g4k27saefp

  • MD5

    b3ddc8737e6ac1097374cf1fd2a30ea5

  • SHA1

    603e981378d48016594b1cbe88df4d82e519be83

  • SHA256

    1038f778396195e43be4ab047dad4eccbe02daa2a78f14090f9ed8dc46379b64

  • SHA512

    cfefd87f5f16604f3dba403b0a4506bc3649ad03806210065732159f0a1dda12a712f461b0f35b64b8eb3b4127fe31f6829f0989693e4d6d135349adfea78739

Score
10/10
sakulapersistenceratsuricatatrojan

Malware Config

Targets

    • Target

      1038f778396195e43be4ab047dad4eccbe02daa2a78f14090f9ed8dc46379b64

    • Size

      200KB

    • MD5

      b3ddc8737e6ac1097374cf1fd2a30ea5

    • SHA1

      603e981378d48016594b1cbe88df4d82e519be83

    • SHA256

      1038f778396195e43be4ab047dad4eccbe02daa2a78f14090f9ed8dc46379b64

    • SHA512

      cfefd87f5f16604f3dba403b0a4506bc3649ad03806210065732159f0a1dda12a712f461b0f35b64b8eb3b4127fe31f6829f0989693e4d6d135349adfea78739

    Score
    10/10
    sakulapersistenceratsuricatatrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks