General

  • Target

    0d887f5ae411555f6d46c4b6eebeb01f186092c9183c7f680bfe8994c91b92ce

  • Size

    216KB

  • Sample

    220212-jamp2sbahk

  • MD5

    39d3045114638a4e17be87f1976873c9

  • SHA1

    2f0720836c0c67890e271a06fa9a8a808d23301c

  • SHA256

    0d887f5ae411555f6d46c4b6eebeb01f186092c9183c7f680bfe8994c91b92ce

  • SHA512

    19b2e9da0f8d982a4179b2df41c4600459a1926e34606c4dc97e0fbd0c841672123286e6bfcd30cb1d1a597561f295e85cce266f60bcf08696c5fc10de3fef3a
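The hashes above are the only indicators a defender can verify directly. As an added example (not part of the report, nor code from the sandbox that produced it), the Python below checks the report for internal consistency (the Target identifier must be the SHA256, every digest must be hex of the right length) and compares a candidate file against all four digests at once, so that a single-algorithm hit, which would point to a collision or a mistyped IOC, is distinguishable from a true match. The size check is approximate because the report rounds to kilobytes.

```python
import hashlib
from pathlib import Path

# Indicators copied from the report fields above. "Target" is the sample's SHA256.
REPORT_IOCS = {
    "target": "0d887f5ae411555f6d46c4b6eebeb01f186092c9183c7f680bfe8994c91b92ce",
    "size_kb": 216,
    "md5": "39d3045114638a4e17be87f1976873c9",
    "sha1": "2f0720836c0c67890e271a06fa9a8a808d23301c",
    "sha256": "0d887f5ae411555f6d46c4b6eebeb01f186092c9183c7f680bfe8994c91b92ce",
    "sha512": "19b2e9da0f8d982a4179b2df41c4600459a1926e34606c4dc97e0fbd0c841672"
              "123286e6bfcd30cb1d1a597561f295e85cce266f60bcf08696c5fc10de3fef3a",
}

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def report_is_consistent(iocs=REPORT_IOCS) -> bool:
    """Sanity-check a report before trusting its indicators: every digest must be
    lowercase hex of the right length, and the Target id must equal the SHA256."""
    for algo, length in HEX_LENGTHS.items():
        value = iocs[algo]
        if len(value) != length or any(c not in "0123456789abcdef" for c in value):
            return False
    return iocs["target"] == iocs["sha256"]


def digest_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists from one pass over the data."""
    hashers = {algo: getattr(hashlib, algo)() for algo in HEX_LENGTHS}
    for h in hashers.values():
        h.update(data)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_report(data: bytes, iocs=REPORT_IOCS) -> dict:
    """Compare a candidate file with the report. Returns one bool per algorithm,
    an approximate size check, 'any' (cheap triage) and 'all' (a true match).
    A partial match, e.g. MD5 only, indicates a collision or a bad report."""
    digests = digest_bytes(data)
    result = {algo: digests[algo] == iocs[algo] for algo in HEX_LENGTHS}
    # The report rounds the size to whole KB, so allow up to 1 KB of slack.
    result["size_ok"] = abs(len(data) / 1024 - iocs["size_kb"]) < 1
    result["any"] = any(result[a] for a in HEX_LENGTHS)
    result["all"] = all(result[a] for a in HEX_LENGTHS)
    return result


def check_file(path) -> dict:
    """Convenience wrapper: hash a file on disk and compare it with the report."""
    return match_report(Path(path).read_bytes())


if __name__ == "__main__":
    import sys
    print("report consistent:", report_is_consistent())
    for p in sys.argv[1:]:
        print(p, check_file(p))
```

Run it as `python check_sample.py <file>...`; a file that matches `all` four digests is this sample, a file that matches only `any` deserves a closer look at the report rather than at the file.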

Malware Config

Targets

    • Sakula

      Sakula (also tracked as Mivast, as the Suricata rule name below shows) is a remote access trojan. Its HTTP command-and-control beacon uses a bare "iexplore" User-Agent, which is what the two Suricata network alerts on this report match.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
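
The behaviour labels above are derived from the sandbox's event trace: files the sample writes are tracked as "dropped", and later process creations, image loads, registry writes and deletions are matched against that set and against the sample's own path. As an added illustration (this is not the report's or the sandbox vendor's own code), the Python below runs that kind of logic over a constructed event trace. The event schema, the file paths and the process tree are assumptions chosen to resemble what the report describes; the registry location used for the country-code lookup (`HKCU\Control Panel\International`) is likewise an assumption about where such a check is observed.

```python
import re

# Constructed sandbox event trace (illustrative; not taken from the report).
SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
DROPPED_EXE = r"C:\Users\Admin\AppData\Roaming\svchost.exe"
DROPPED_DLL = r"C:\Users\Admin\AppData\Roaming\helper.dll"
SAMPLE_EVENTS = [
    {"op": "process_create", "pid": 1000, "ppid": 1, "image": SAMPLE_EXE},
    # assumed location of the country-code lookup behind "Checks computer location settings"
    {"op": "reg_query", "pid": 1000, "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"op": "file_write", "pid": 1000, "path": DROPPED_EXE},
    {"op": "file_write", "pid": 1000, "path": DROPPED_DLL},
    {"op": "reg_set", "pid": 1000, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svchost", "data": DROPPED_EXE},
    {"op": "process_create", "pid": 1001, "ppid": 1000, "image": DROPPED_EXE},
    {"op": "image_load", "pid": 1001, "path": DROPPED_DLL},
    # self-deletion is commonly done through a cmd.exe child, so the tree matters
    {"op": "process_create", "pid": 1002, "ppid": 1000, "image": r"C:\Windows\System32\cmd.exe"},
    {"op": "file_delete", "pid": 1002, "path": SAMPLE_EXE},
    # unrelated process: must not be attributed to the sample
    {"op": "reg_set", "pid": 5000, "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater", "data": r"C:\Program Files\Vendor\updater.exe"},
]

RUN_KEY = re.compile(r"\\currentversion\\run(once)?$")
GEO_KEY = re.compile(r"\\control panel\\international")


def norm(path: str) -> str:
    """Windows paths and registry keys are case-insensitive."""
    return path.lower()


def behaviour_signatures(events, sample_exe) -> set:
    """Replay the trace in order and emit the same labels the report uses.
    Only events from the sample's process tree (root plus descendants) count."""
    tree = set()        # pids that belong to the sample
    dropped = set()     # normalised paths the sample has written so far
    hits = set()
    for e in events:
        if e["op"] == "process_create" and (
            norm(e["image"]) == norm(sample_exe) or e["ppid"] in tree
        ):
            tree.add(e["pid"])
        if e["pid"] not in tree:
            continue
        if e["op"] == "file_write":
            dropped.add(norm(e["path"]))
        elif e["op"] == "process_create" and norm(e["image"]) in dropped:
            hits.add("Executes dropped EXE")
        elif e["op"] == "image_load" and norm(e["path"]) in dropped \
                and norm(e["path"]).endswith(".dll"):
            hits.add("Loads dropped DLL")
        elif e["op"] == "reg_set" and RUN_KEY.search(norm(e["key"])):
            hits.add("Adds Run key to start application")
        elif e["op"] == "file_delete" and norm(e["path"]) == norm(sample_exe):
            hits.add("Deletes itself")
        elif e["op"] == "reg_query" and GEO_KEY.search(norm(e["key"])):
            hits.add("Checks computer location settings")
    return hits


if __name__ == "__main__":
    for label in sorted(behaviour_signatures(SAMPLE_EVENTS, SAMPLE_EXE)):
        print(label)
```

The point of building the tree and the dropped set incrementally is attribution: a Run key written by some unrelated process, or a DLL that was on disk before the sample ran, is not evidence against the sample, and a sandbox report that ignored the process tree would credit the sample with behaviour it did not perform.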

MITRE ATT&CK Enterprise v6

Tasks