General
-
Target
0be0f008e6b5a630e1f8bab30792a5660fd5d75c382cceb05a69cce396dc7370
-
Size
120KB
-
Sample
220212-jxeb7abdhk
-
MD5
c2dfed13dd75ef29461eddd6b4cf9dae
-
SHA1
6f00e0053eedae3988e9ea178b1d67aba495efdf
-
SHA256
0be0f008e6b5a630e1f8bab30792a5660fd5d75c382cceb05a69cce396dc7370
-
SHA512
8a8a784d3e029b2b98f136ca0e0fde97576d5b03e1c69063ca6c328007a347a510bda50c3cb10b4df976eb866f899d30c4008a85bebe076e6e9544c769cef83c
Static task
static1
Behavioral task
behavioral1
Sample
0be0f008e6b5a630e1f8bab30792a5660fd5d75c382cceb05a69cce396dc7370.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
0be0f008e6b5a630e1f8bab30792a5660fd5d75c382cceb05a69cce396dc7370.exe
Resource
win10v2004-en-20220113
Malware Config
Targets
Target
0be0f008e6b5a630e1f8bab30792a5660fd5d75c382cceb05a69cce396dc7370
Score 10/10
Sakula Payload
-
suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-