General

  • Target

    0b2300c2acf5d47179b4c0493b342edb4241c7f0aca10ff7bdc718351c968c84

  • Size

    92KB

  • Sample

    220212-kayyrabfdn

  • MD5

    a17510b7abe7dfc7e5767e0efe03502f

  • SHA1

    9a5166d18c615f3fefaae2c0bf1450beabbae73c

  • SHA256

    0b2300c2acf5d47179b4c0493b342edb4241c7f0aca10ff7bdc718351c968c84

  • SHA512

    b8ec71ba497de8baf10358ac2904786581126ef4935912632efeb73b15adae1c24693be1c8e3e4a525dcf0e8f9006efb895884804f61aa23a4919322e20a7a53

Malware Config

Targets

    • Target

      0b2300c2acf5d47179b4c0493b342edb4241c7f0aca10ff7bdc718351c968c84

    • Size

      92KB

    • MD5

      a17510b7abe7dfc7e5767e0efe03502f

    • SHA1

      9a5166d18c615f3fefaae2c0bf1450beabbae73c

    • SHA256

      0b2300c2acf5d47179b4c0493b342edb4241c7f0aca10ff7bdc718351c968c84

    • SHA512

      b8ec71ba497de8baf10358ac2904786581126ef4935912632efeb73b15adae1c24693be1c8e3e4a525dcf0e8f9006efb895884804f61aa23a4919322e20a7a53

    • Sakula

      Sakula (also tracked as Mivast, the name the Suricata rule below uses) is a remote access trojan; the capabilities the sandbox observed for this sample are listed in the signatures below.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      Emerging Threats rule that fires on an outbound HTTP request whose User-Agent header is the bare string "iexplore", a value no real browser sends.

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      Emerging Threats rule matching the HTTP check-in format Sakula/Mivast uses to beacon to its command-and-control server.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry (on Windows typically the GeoID stored under HKCU\Control Panel\International\Geo\Nation), most likely a geofence so the payload only runs in, or avoids, particular countries.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      Persists through a Run registry key so the dropped executable is launched again at user logon.
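
The Python below is an added example for this report, not the sandbox's own detection logic and not Emerging Threats' published rule text. It reconstructs what the "ET MALWARE SUSPICIOUS UA (iexplore)" alert keys on by implementing a minimal Suricata-style content matcher: it parses the `|hh hh|` hex escapes used in rule content strings, honours `nocase`, and runs the rule over a handful of constructed HTTP requests. The rule body (including the trailing `|0d 0a|` anchor and the absence of `nocase`) is my assumption about the real rule's options, and every request is constructed rather than captured from the sample.

```python
"""Minimal Suricata/Emerging Threats style content matcher (added example).

Not the sandbox's matcher and not ET's rule text: the rule below is an
assumed reconstruction of what the "SUSPICIOUS UA (iexplore)" alert keys
on, and all HTTP requests are constructed, not captured from the sample.
"""
import re
from dataclasses import dataclass, field

# One rule option per match: name, optional ':value' (quoted or bare), ';'.
OPTION_RE = re.compile(r'\s*(\w+)(?::("(?:[^"\\]|\\.)*"|[^;]*))?;')


@dataclass
class Content:
    pattern: bytes        # raw bytes the payload must contain
    nocase: bool = False  # set by a following 'nocase;' option


@dataclass
class Rule:
    msg: str
    contents: list = field(default_factory=list)


def parse_content(spec: str) -> bytes:
    """Turn an ET content string with |hh hh| hex escapes into bytes.

    'User-Agent|3a 20|iexplore|0d 0a|' becomes b'User-Agent: iexplore' + CRLF.
    """
    parts = spec.split("|")
    if len(parts) % 2 == 0:
        raise ValueError(f"unbalanced '|' in content: {spec!r}")
    out = bytearray()
    for i, part in enumerate(parts):
        # even indexes are literal text, odd indexes are hex byte groups
        out += part.encode("latin-1") if i % 2 == 0 else bytes.fromhex(part)
    return bytes(out)


def parse_rule(text: str) -> Rule:
    """Extract msg, content and nocase from a one-line rule.

    Relative modifiers (distance/within/offset) and sticky buffers are not
    implemented, so each content is matched anywhere in the raw request.
    """
    body = text[text.index("(") + 1 : text.rindex(")")]
    rule = Rule(msg="")
    for name, value in OPTION_RE.findall(body):
        if name == "msg":
            rule.msg = value.strip('"')
        elif name == "content":
            rule.contents.append(Content(parse_content(value.strip('"'))))
        elif name == "nocase" and rule.contents:
            rule.contents[-1].nocase = True
    return rule


def rule_matches(rule: Rule, payload: bytes) -> bool:
    """A rule fires only when every one of its content options is present."""
    low = payload.lower()
    return all((c.pattern.lower() in low) if c.nocase else (c.pattern in payload)
               for c in rule.contents)


# Assumed reconstruction of the ET rule; the real rule's options may differ.
RULES = [parse_rule(
    'alert http $HOME_NET any -> $EXTERNAL_NET any '
    '(msg:"ET MALWARE SUSPICIOUS UA (iexplore)"; flow:established,to_server; '
    'content:"User-Agent|3a 20|iexplore|0d 0a|"; http_header; '
    'classtype:trojan-activity;)'
)]

# Constructed requests, not traffic captured from the sample.
SAMPLE_REQUESTS = {
    "bare_iexplore_ua": b"GET /index.asp HTTP/1.1\r\nUser-Agent: iexplore\r\n"
                        b"Host: 203.0.113.10\r\n\r\n",
    "real_browser_ua": b"GET / HTTP/1.1\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; "
                       b"Trident/7.0; rv:11.0) like Gecko\r\nHost: www.example.com\r\n\r\n",
    # The trailing |0d 0a| in the rule keeps this longer UA from firing.
    "iexplorer_prefix": b"GET / HTTP/1.1\r\nUser-Agent: iexplorer/1.0\r\n"
                        b"Host: www.example.com\r\n\r\n",
    # Header names are case-insensitive in HTTP, but content without nocase
    # is byte-exact, so this variant slips past the rule above.
    "lowercase_header_name": b"GET / HTTP/1.1\r\nuser-agent: iexplore\r\n"
                             b"Host: www.example.com\r\n\r\n",
}


def scan(requests: dict, rules=RULES) -> dict:
    """Map each request name to the msg of every rule that fires on it."""
    return {name: [r.msg for r in rules if rule_matches(r, raw)]
            for name, raw in requests.items()}


if __name__ == "__main__":
    for name, hits in scan(SAMPLE_REQUESTS).items():
        print(f"{name:24s} {hits or '-'}")
```

Only the bare `User-Agent: iexplore` request fires. The `iexplorer/1.0` and lowercase `user-agent` cases show the two levers a byte-exact content rule gives you: the trailing `|0d 0a|` anchor stops prefix matches, and without `nocase` (or a normalising buffer such as Suricata's `http.user_agent`) a trivially re-cased header evades the rule, so any local tuning of such a signature should be checked against both.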

MITRE ATT&CK Enterprise v6

Tasks