Overview

overview

10

Static

static

10

0ca3e2c88c...e1.exe

windows7_x64

10

0ca3e2c88c...e1.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0ca3e2c88c0f82410b92b498fc9bdc9d499ac8737b7673bf34724421841ce9e1

  • Size

    212KB

  • Sample

    220212-jmdynsbcen

  • MD5

    4f555d008896698e15f7d99963c63382

  • SHA1

    397fd99d2fb6f0159e84ca394526dd1ff2e1d4c4

  • SHA256

    0ca3e2c88c0f82410b92b498fc9bdc9d499ac8737b7673bf34724421841ce9e1

  • SHA512

    879319ea6a5ee001b8404b004d3494f33a9621dc5d24b1f2c41e000657205695b643dc528201fcfade2d5773f7d964edcb492177317ea8fe13a936c0da6a8a4e

Score
10/10
sakulapersistenceratsuricatatrojanupx

Malware Config

Targets

    • Target

      0ca3e2c88c0f82410b92b498fc9bdc9d499ac8737b7673bf34724421841ce9e1

    • Size

      212KB

    • MD5

      4f555d008896698e15f7d99963c63382

    • SHA1

      397fd99d2fb6f0159e84ca394526dd1ff2e1d4c4

    • SHA256

      0ca3e2c88c0f82410b92b498fc9bdc9d499ac8737b7673bf34724421841ce9e1

    • SHA512

      879319ea6a5ee001b8404b004d3494f33a9621dc5d24b1f2c41e000657205695b643dc528201fcfade2d5773f7d964edcb492177317ea8fe13a936c0da6a8a4e

    Score
    10/10
    sakulapersistenceratsuricatatrojanupx

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks