General

  • Target: 11c3b97238ba7569363aebb0e79f442a831119d1f27ad5f3ab8796a825748dd7
  • Size: 150KB
  • Sample: 220212-gf1sraaccn
  • MD5: daee7814a6e6d76f6c8216b043f1f435
  • SHA1: e3247673e73b3fa518df6ebfd1392cf5309dae33
  • SHA256: 11c3b97238ba7569363aebb0e79f442a831119d1f27ad5f3ab8796a825748dd7
  • SHA512: 5586ee757d51555bf56a58dab6814c4ada8fd49c5f313a915c1f1cda682eddf6f282f81f056c6637303c73b49772ed6d69579715a9472409bf6be0a6634851c1

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks