General

  • Target

    11bb18c7fba949d28e1b0cfb82bf211e7dadaea08c226fe51f5ac91519ab21dd

  • Size

    150KB

  • Sample

    220212-ggvccsacdj

  • MD5

    519226f18eae27ceafd3b8122a3e8684

  • SHA1

    4b2ec37b7d1d57d08e566f39573f13dff75c342a

  • SHA256

    11bb18c7fba949d28e1b0cfb82bf211e7dadaea08c226fe51f5ac91519ab21dd

  • SHA512

    cd13068f3191a9740bbc80a0e5a06c60131c29eeb2e6b97370d181157911e59a908190be752ffe6e9638ddd94ed1bcb19c340d3a9ef77f8ddd2c7e133f7610a5

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks