General

  • Target

    0b1fffc3a63524c3d719cb2b528ea51ab692ac2c4a3349503e8a176457ffedfe

  • Size

    121KB

  • Sample

    220212-ka3xpsbfdp

  • MD5

    d5f6b719a4b477aa14f1e6f47eff9296

  • SHA1

    da660f60832c1ee184f347ebdbd6f5a7ec7be6d9

  • SHA256

    0b1fffc3a63524c3d719cb2b528ea51ab692ac2c4a3349503e8a176457ffedfe

  • SHA512

    ef33a299dad1983b066c046aebbde6761eb9d7c8449176198069a4b2da6e472afb3048cb28d57fe2f79113cc466092591785b70dafef599af1a28529f0ac51ad

Targets

    • Sakula

      Sakula (the ET Suricata rules below refer to it as Sakula/Mivast) is a remote access trojan; the behaviours observed for this sample in the sandbox run are listed below.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      Outbound HTTP carried a User-Agent header consisting of the bare string "iexplore", which legitimate browsers do not send.

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      Network traffic matched the ET signature for the Sakula/Mivast command-and-control beacon.

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry; this is most likely a geofence check so that the payload only runs, or refuses to run, in particular locales.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
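
The behavioural signatures above can be reproduced as host- and network-side detection logic. The following is an added example, not code from the Triage report or from the sample: it runs checks for "Adds Run key to start application", "Executes dropped EXE", "Loads dropped DLL", "Deletes itself" and the "SUSPICIOUS UA (iexplore)" rule over a constructed Sysmon-style event trace and a constructed HTTP request. All paths, SIDs, file names and the host address are invented for illustration; the registry read behind "Checks computer location settings" is not covered because Sysmon does not log registry reads.

```python
"""Behavioural checks matching the sandbox signatures above, run over constructed
Sysmon-style events. Added example; not code from the Triage report or the sample."""
import re

# Constructed sample trace (illustrative, not captured from this sample).
# Keys mirror Sysmon fields: EventID 1 = ProcessCreate, 7 = ImageLoad,
# 11 = FileCreate, 13 = RegistryValueSet.
SAMPLE = r"C:\Users\victim\sample.exe"
DROP_EXE = r"C:\Users\victim\AppData\Local\Temp\svc\update.exe"
DROP_DLL = r"C:\Users\victim\AppData\Local\Temp\svc\helper.dll"
RUN_VALUE = r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\svc"
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": SAMPLE},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROP_EXE},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROP_DLL},
    {"EventID": 13, "Image": SAMPLE, "TargetObject": RUN_VALUE, "Details": DROP_EXE},
    {"EventID": 1, "Image": DROP_EXE, "ParentImage": SAMPLE, "CommandLine": DROP_EXE},
    {"EventID": 7, "Image": DROP_EXE, "ImageLoaded": DROP_DLL},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": SAMPLE,
     "CommandLine": f'cmd.exe /c del "{SAMPLE}"'},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe"},
]
# Constructed HTTP request header lines, as Suricata would see the flow.
SAMPLE_HTTP = ["GET /index.php HTTP/1.1", "User-Agent: iexplore", "Host: 203.0.113.10"]

RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
PE_EXT = (".exe", ".dll")


def run_key_persistence(events):
    """'Adds Run key to start application': a value written under a Run/RunOnce key."""
    return [(e["TargetObject"], e["Details"]) for e in events
            if e["EventID"] == 13 and RUN_KEY_RE.search(e["TargetObject"])]


def dropped_pe_activity(events):
    """'Executes dropped EXE' / 'Loads dropped DLL': a PE file written earlier in the
    trace is later started as a process or mapped as an image. Order matters, so the
    trace is walked once and the dropped set grows as FileCreate events appear."""
    dropped, executed, loaded = set(), [], []
    for e in events:
        if e["EventID"] == 11 and e["TargetFilename"].lower().endswith(PE_EXT):
            dropped.add(e["TargetFilename"].lower())
        elif e["EventID"] == 1 and e["Image"].lower() in dropped:
            executed.append(e["Image"])
        elif e["EventID"] == 7 and e["ImageLoaded"].lower() in dropped:
            loaded.append(e["ImageLoaded"])
    return executed, loaded


def self_deletion(events):
    """'Deletes itself': a process spawns cmd.exe whose command line deletes the
    parent's own image path (the common 'cmd /c del <self>' idiom)."""
    hits = []
    for e in events:
        if e["EventID"] != 1 or not e["Image"].lower().endswith("\\cmd.exe"):
            continue
        cmdline = e["CommandLine"].lower()
        if re.search(r"\b(del|erase)\b", cmdline) and e["ParentImage"].lower() in cmdline:
            hits.append(e["ParentImage"])
    return hits


def suspicious_user_agent(request_lines):
    """ET 'SUSPICIOUS UA (iexplore)': the User-Agent header is literally 'iexplore'."""
    for line in request_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "user-agent" and value.strip().lower() == "iexplore":
            return True
    return False


def triage(events, request_lines):
    """Map the checks back to the sandbox signature names, True when observed."""
    executed, loaded = dropped_pe_activity(events)
    return {
        "Adds Run key to start application": bool(run_key_persistence(events)),
        "Executes dropped EXE": bool(executed),
        "Loads dropped DLL": bool(loaded),
        "Deletes itself": bool(self_deletion(events)),
        "suricata: ET MALWARE SUSPICIOUS UA (iexplore)": suspicious_user_agent(request_lines),
    }


if __name__ == "__main__":
    for signature, hit in triage(SAMPLE_EVENTS, SAMPLE_HTTP).items():
        print(f"{'HIT ' if hit else '    '} {signature}")
```

The dropped-file check deliberately keys on trace order rather than on a global set of written files, so a pre-existing binary with the same name as a later drop is not misattributed; in production the same logic would be fed from Sysmon or EDR telemetry instead of the constructed list.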

MITRE ATT&CK Enterprise v6