General

  • Target

    08768317e8119dd0e11ff876a0b9227db7120d0578a9302db713ce356d57e431

  • Size

    89KB

  • Sample

    220212-lz9l8aceep

  • MD5

    e24166008f0ce22f27414cfedcd66f28

  • SHA1

    06845d814d192bc14948bb68cc74e22254348015

  • SHA256

    08768317e8119dd0e11ff876a0b9227db7120d0578a9302db713ce356d57e431

  • SHA512

    78fdc1aa09a3019cd0502605541895ffa363de3779f1c97a3345063f7c736abfe569883efca6c440b886134a70790c51c4b28cdae85fbc6203ee6a9614d6556b

Malware Config

Targets

    • Target

      08768317e8119dd0e11ff876a0b9227db7120d0578a9302db713ce356d57e431

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks