General

  • Target

    099c8dee19f5d24a9357d25727ae8977233cc1755a4293dcc5bfc92d04d46390

  • Size

    150KB

  • Sample

    220212-lj74fsccek

  • MD5

    38f61730148180d53abcb15c1f7d0a3a

  • SHA1

    4fbcf95203134e74d658184c6fd627f13e1607ed

  • SHA256

    099c8dee19f5d24a9357d25727ae8977233cc1755a4293dcc5bfc92d04d46390

  • SHA512

    9f6d38c317fec47e2bca9cca8cc0df66476f71113853d3961e82201acd11a4c6f296d68f493992d2fa6ba2e7b8703de06b64b208a9de09d100d2a59d49d9c2cc
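Before spending analysis time on a file pulled from a sharing feed, confirm it is the sample this report describes. The script below is an added example, not part of the sandbox report or of any tool it came from: it hashes a local file with the four digest algorithms listed above, compares each result with the report's values, and sanity-checks the file size against the reported "150KB". The indicator values are copied from the report; the one-kilobyte size tolerance is an assumption made here because the report prints the size rounded to whole kilobytes.

```python
"""Verify that a local file is the sample described in this report.

Added example (not part of the sandbox report): hashes the file with every
digest the report lists, compares each to the report's value, and checks the
reported size, which the report gives rounded to whole kilobytes.
"""
import hashlib
import os
import sys

# Indicators copied verbatim from the report's General section.
REPORT_INDICATORS = {
    "md5": "38f61730148180d53abcb15c1f7d0a3a",
    "sha1": "4fbcf95203134e74d658184c6fd627f13e1607ed",
    "sha256": "099c8dee19f5d24a9357d25727ae8977233cc1755a4293dcc5bfc92d04d46390",
    "sha512": "9f6d38c317fec47e2bca9cca8cc0df66476f71113853d3961e82201acd11a4c6f"
              "296d68f493992d2fa6ba2e7b8703de06b64b208a9de09d100d2a59d49d9c2cc",
}
REPORT_SIZE_KB = 150  # report value, rounded to whole KB

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Return lowercase hex digests of data for every algorithm in ALGORITHMS."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in chunks so large samples are not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_indicators(observed: dict, expected: dict) -> list:
    """Return (algorithm, expected, observed) for every digest that does not match.

    Comparison is case-insensitive because tools print hex in either case;
    an algorithm missing from `observed` counts as a mismatch.
    """
    mismatches = []
    for name, want in expected.items():
        got = observed.get(name)
        if got is None or got.lower() != want.lower():
            mismatches.append((name, want, got))
    return mismatches


def size_matches_report(size_bytes: int, report_kb: int = REPORT_SIZE_KB) -> bool:
    """True if the size is within 1 KB of the reported figure (assumed tolerance,
    since the report only shows whole kilobytes; 1 KB = 1024 bytes)."""
    return abs(size_bytes / 1024 - report_kb) <= 1.0


def verify_sample(path: str) -> dict:
    """Hash the file at `path` and compare everything the report gives us."""
    digests = digest_file(path)
    return {
        "digests": digests,
        "hash_mismatches": compare_indicators(digests, REPORT_INDICATORS),
        "size_ok": size_matches_report(os.path.getsize(path)),
    }


if __name__ == "__main__":
    result = verify_sample(sys.argv[1])
    for name, want, got in result["hash_mismatches"]:
        print(f"MISMATCH {name}: report={want} file={got}")
    print("size matches report:", result["size_ok"])
    # Any mismatch means this is not the reported sample (or a modified copy);
    # exit non-zero so the check can gate an automated pipeline.
    sys.exit(1 if result["hash_mismatches"] or not result["size_ok"] else 0)
```

All four digests should agree; a file that matches MD5 but not SHA-256 has been tampered with or is a collision and should be treated as a different sample.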

Targets

    • Target

      099c8dee19f5d24a9357d25727ae8977233cc1755a4293dcc5bfc92d04d46390

    • Sakula

Sakula (also tracked as Mivast, the name used in the Suricata rule below) is a remote access trojan; the behaviours observed for this sample in the sandbox run are listed below.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

Reads the country code configured in the registry, most likely as a geofence check so that behaviour can depend on the victim's locale.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
