Overview

overview

10

Static

static

10

0a536b7d87...d8.exe

windows7_x64

10

0a536b7d87...d8.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0a536b7d873675a88767c2b1f753f88e75b2e8781cd2e5f84b6f3f2d6f23b9d8

  • Size

    216KB

  • Sample

    220212-lbef6scbfj

  • MD5

    1392fc9a060dca561f1c8cbff67c00fd

  • SHA1

    f378d131149f7fb077027138ddd079c9d9d8ecc5

  • SHA256

    0a536b7d873675a88767c2b1f753f88e75b2e8781cd2e5f84b6f3f2d6f23b9d8

  • SHA512

    6d34a270ac09452376a36991bac66bff49ac2811d608fd9a5107a14f33cd3fa077b8dd0be5a9bf7838d57c0313c1578dffba05c9a89bf7921e213f11529f5bf4

Score
10/10
sakulapersistenceratsuricatatrojan

Malware Config

Targets

    • Target

      0a536b7d873675a88767c2b1f753f88e75b2e8781cd2e5f84b6f3f2d6f23b9d8

    • Size

      216KB

    • MD5

      1392fc9a060dca561f1c8cbff67c00fd

    • SHA1

      f378d131149f7fb077027138ddd079c9d9d8ecc5

    • SHA256

      0a536b7d873675a88767c2b1f753f88e75b2e8781cd2e5f84b6f3f2d6f23b9d8

    • SHA512

      6d34a270ac09452376a36991bac66bff49ac2811d608fd9a5107a14f33cd3fa077b8dd0be5a9bf7838d57c0313c1578dffba05c9a89bf7921e213f11529f5bf4

    Score
    10/10
    sakulapersistenceratsuricatatrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks