General
-
Target
0c70e7a0f19e15cfe807be04fb99e56d127354ab1e075793b68c4b5d94b624c7
-
Size
216KB
-
Sample
220212-jqvqlabdbm
-
MD5
fef7b29db60e21a8cd60c27c84948f51
-
SHA1
dc5c47a161c50f9f0837c5af8cdced0c332a2a87
-
SHA256
0c70e7a0f19e15cfe807be04fb99e56d127354ab1e075793b68c4b5d94b624c7
-
SHA512
ce5413d8fe055022aa688a76ee554e0d9a0dbf4ddd320df2719ec576ad1ff758f483a83f7a28e995237b29efb683823df8e62665439b4615ebf6b249b282d720
Static task
static1
Behavioral task
behavioral1
Sample
0c70e7a0f19e15cfe807be04fb99e56d127354ab1e075793b68c4b5d94b624c7.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
0c70e7a0f19e15cfe807be04fb99e56d127354ab1e075793b68c4b5d94b624c7.exe
Resource
win10v2004-en-20220112
Malware Config
Targets
Score
10/10
-
Sakula Payload
-
suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-