Overview

overview

10

Static

static

10

08e7d41de8...6b.exe

windows7_x64

10

08e7d41de8...6b.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    08e7d41de8f943bb53145970223c7a4a7609bd88431423ff4cbe270a0859d46b

  • Size

    113KB

  • Sample

    220212-lt84hacdgn

  • MD5

    e90daeb5d3b4354a778100a9f37c3d86

  • SHA1

    f6386579a8d34959cb98a8b33fc8f18fa50d920d

  • SHA256

    08e7d41de8f943bb53145970223c7a4a7609bd88431423ff4cbe270a0859d46b

  • SHA512

    ab57fdd3b9b554267498db494e569c9aee851fb6100c5f351c77ee9b2746d25a246dd7fc974eb3e24ac5ea214c8ad6c2d87a43517454502d1d652b0740db9278

Score
10/10
sakulapersistenceratsuricatatrojan

Malware Config

Targets

    • Target

      08e7d41de8f943bb53145970223c7a4a7609bd88431423ff4cbe270a0859d46b

    • Size

      113KB

    • MD5

      e90daeb5d3b4354a778100a9f37c3d86

    • SHA1

      f6386579a8d34959cb98a8b33fc8f18fa50d920d

    • SHA256

      08e7d41de8f943bb53145970223c7a4a7609bd88431423ff4cbe270a0859d46b

    • SHA512

      ab57fdd3b9b554267498db494e569c9aee851fb6100c5f351c77ee9b2746d25a246dd7fc974eb3e24ac5ea214c8ad6c2d87a43517454502d1d652b0740db9278

    Score
    10/10
    sakulapersistenceratsuricatatrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks