General

  • Target

    093f4c1daf23832f07a0d60f1b7c6a11407f6d93665d7281e860633d5e8a0144

  • Size

    220KB

  • Sample

    220212-lphqracdbj

  • MD5

    9a09b9f424267d8602977279775dd3f6

  • SHA1

    8ad8b470797fae222929030d45df093d2eed36e8

  • SHA256

    093f4c1daf23832f07a0d60f1b7c6a11407f6d93665d7281e860633d5e8a0144

  • SHA512

    df6bd0f37f1c1e73bb36d3d4cab8d09f8fe1cd55320771212f743d4c9cda00ff5c4e05b4a0d8872671e6231760d21fea798c6980a103d4d4a37a1307d09bee4f

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
