General

  • Target

    0ae3302ab380a3f130007b45b84b9915a7dbe28b47b6c42d4363b5038cd7c89b

  • Size

    150KB

  • Sample

    220212-kfyj6sbgar

  • MD5

    e646053f04979c98ba9bcd9eeaebb9eb

  • SHA1

    ff9ece3a0a5094549c0a7428e22765c3b76a7fae

  • SHA256

    0ae3302ab380a3f130007b45b84b9915a7dbe28b47b6c42d4363b5038cd7c89b

  • SHA512

    6c13b140cc36ee29fc567ae13d2b816b9eebeb8810fd3180f1da6a575be65fbaf1bcf2956eb70e1e32451a8fc5395cef4f9b4152ebe5e611670b2e3ef5ba3bcf

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks