General

  • Target

    09aa9dfb6a2e5f7047ace0481ebf98f093cf4f7fe9084be13cae1f14eb12db06

  • Size

    168KB

  • Sample

    220212-ljyj1sccdq

  • MD5

    a3268351f79fe4d9ef0d092852b799b0

  • SHA1

    d131c1cc38f0a58116caa33b6cd463682fa53c82

  • SHA256

    09aa9dfb6a2e5f7047ace0481ebf98f093cf4f7fe9084be13cae1f14eb12db06

  • SHA512

    c6e294c1ff0767388bfc10739e92751b2613e8bc60aead42c52c127e280e5a97b77c96552753c4e9063c4d952077e69ad7197cd345e04abd1bfbeec29ad9583d

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks