General
-
Target
0d8d238d64d116a32f4f49cc1b9274dd6445d39235bbb6f2790a6b54ca4b30b7
-
Size
216KB
-
Sample
220212-h99hesbagr
-
MD5
86646705120d79fb205aacccba759b3e
-
SHA1
2c617df93b7a3417c4a05d1cca1d585599a0064f
-
SHA256
0d8d238d64d116a32f4f49cc1b9274dd6445d39235bbb6f2790a6b54ca4b30b7
-
SHA512
e8ee9ba1733443aae7892603e31572581ad8bb531c4b75cd29ac1b10679f1ad49dbd73433aeae6f6f3b92688fd646f5bb296961ec316570738f94f3ff446e9bd
Static task
static1
Behavioral task
behavioral1
Sample
0d8d238d64d116a32f4f49cc1b9274dd6445d39235bbb6f2790a6b54ca4b30b7.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
0d8d238d64d116a32f4f49cc1b9274dd6445d39235bbb6f2790a6b54ca4b30b7.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
-
-
Target
0d8d238d64d116a32f4f49cc1b9274dd6445d39235bbb6f2790a6b54ca4b30b7
-
Score
10/10
-
Sakula Payload
-
suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-