General

  • Target

    108518289c20a01b1d748ccfa33e32e184c64cf65c7b91fda0509814f33a1fdc

  • Size

    150KB

  • Sample

    220212-gzh22saebq

  • MD5

    6c549ed77a70301a03b92b091059123c

  • SHA1

    d23e43353556c33bfa53c3cfc6a68ee04353c106

  • SHA256

    108518289c20a01b1d748ccfa33e32e184c64cf65c7b91fda0509814f33a1fdc

  • SHA512

    606729b529142a919ba4978401b1931a0229bcddde43bd6dbe5ccf678e10e1a19126d96aa3f355e955bfef94a6cb38a78611aa72eaf1742581f62076402addca

Targets

    • Sakula

      Sakula (also tracked as Mivast) is a remote access trojan; the Suricata alerts below match its HTTP command-and-control beacon.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
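
As an added example (not part of this sandbox report, and not code from the Sakula sample), the following Python script shows two checks a practitioner could run over their own telemetry for the network and persistence behaviours listed above: the suspicious User-Agent that the ET rule names, and writes to Run/RunOnce autostart keys. The User-Agent criterion (a bare `iexplore` value with no version string) is an assumption about what the rule matches, and the HTTP requests and registry-write records are constructed sample input, not data captured from this sample.

```python
import re

# ASSUMPTION: the ET "SUSPICIOUS UA (iexplore)" signature is treated here as
# firing on a User-Agent header whose whole value is the bare word "iexplore";
# a genuine Internet Explorer UA starts with "Mozilla/" and carries a version.
SUSPICIOUS_USER_AGENTS = {"iexplore"}

# Autostart locations corresponding to "Adds Run key to start application":
# HKLM/HKCU ...\CurrentVersion\Run and RunOnce, including the Wow6432Node view.
RUN_KEY_RE = re.compile(
    r"\\Software(\\Wow6432Node)?\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$",
    re.IGNORECASE,
)


def parse_http_headers(raw_request: str) -> dict:
    """Return the headers of a raw CRLF-delimited HTTP request, keys lowercased."""
    headers = {}
    for line in raw_request.split("\r\n")[1:]:  # skip the request line
        if line == "":                           # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def suspicious_user_agent(raw_request: str) -> bool:
    """True if the request's User-Agent is one of the suspicious bare names."""
    ua = parse_http_headers(raw_request).get("user-agent", "")
    return ua.lower() in SUSPICIOUS_USER_AGENTS


def run_key_writes(registry_events):
    """Return the registry-write records that set a value under a Run/RunOnce key."""
    return [ev for ev in registry_events if RUN_KEY_RE.search(ev["key"])]


# Constructed sample input (not captured from the sample): one beacon-like
# request carrying the bare UA and one ordinary browser request.
BEACON_REQUEST = (
    "GET /update.php?id=1 HTTP/1.1\r\n"
    "Host: 198.51.100.7\r\n"
    "User-Agent: iexplore\r\n"
    "Connection: Keep-Alive\r\n"
    "\r\n"
)
BROWSER_REQUEST = (
    "GET / HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko\r\n"
    "\r\n"
)

# Constructed registry-write records in the shape of a Sysmon-style
# "registry value set" event: writing process, key path, value name, data.
REGISTRY_EVENTS = [
    {"process": r"C:\Windows\System32\svchost.exe",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters",
     "value": "ServiceDll", "data": r"%SystemRoot%\System32\dnsrslvr.dll"},
    {"process": r"C:\Users\user\AppData\Roaming\dropped.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "dropped", "data": r"C:\Users\user\AppData\Roaming\dropped.exe"},
    {"process": r"C:\Users\user\AppData\Roaming\dropped.exe",
     "key": r"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce",
     "value": "dropped", "data": r"C:\Users\user\AppData\Roaming\dropped.exe"},
]


def triage(requests, registry_events) -> dict:
    """Summarise which records trip each check (request lines and Run-key writes)."""
    return {
        "suspicious_ua_requests": [r.split("\r\n")[0] for r in requests
                                   if suspicious_user_agent(r)],
        "run_key_writes": [(ev["process"], ev["key"], ev["value"])
                           for ev in run_key_writes(registry_events)],
    }


if __name__ == "__main__":
    for name, hits in triage([BEACON_REQUEST, BROWSER_REQUEST], REGISTRY_EVENTS).items():
        print(name)
        for hit in hits:
            print("  ", hit)
```

The Run-key check matches on the key path only, so it reports every process that writes there; in practice you would then inspect the writing process (here a dropped executable under the user's profile) and the data it sets, which is what distinguishes the persistence behaviour in this report from a legitimate installer.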
