sakula | 0880f2f51388fcd48744b4058b6aa44da6568b63bf6688b5a5d22b3e2995653e | Triage

Submit
Reports

Overview

overview

Static

static

0880f2f513...3e.exe

windows7_x64

0880f2f513...3e.exe

windows10-2004_x64

Sharing

General

Target

0880f2f51388fcd48744b4058b6aa44da6568b63bf6688b5a5d22b3e2995653e
Size

216KB
Sample

220212-lzmsfscedq
MD5

f0ecbf17da26cf5892c8a030da0f36e3
SHA1

a33cc68b26155449ac815a529743c8edb9e4734b
SHA256

0880f2f51388fcd48744b4058b6aa44da6568b63bf6688b5a5d22b3e2995653e
SHA512

2c9ac3c202c1ce6a7f4f95c000b8d12e1158b4f9fa625d4b1327ae644d7e28562e9b61de90c66487f5c7010366e4bac7641c9c13f3e761d345e4d6c60e19a7b8

Score

10^/10

sakula persistence rat suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

0880f2f51388fcd48744b4058b6aa44da6568b63bf6688b5a5d22b3e2995653e.exe

Resource

win7-en-20211208

sakula persistence rat suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0880f2f51388fcd48744b4058b6aa44da6568b63bf6688b5a5d22b3e2995653e.exe

Resource

win10v2004-en-20220113

sakula persistence rat suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0880f2f51388fcd48744b4058b6aa44da6568b63bf6688b5a5d22b3e2995653e
- Size
  
  216KB
- MD5
  
  f0ecbf17da26cf5892c8a030da0f36e3
- SHA1
  
  a33cc68b26155449ac815a529743c8edb9e4734b
- SHA256
  
  0880f2f51388fcd48744b4058b6aa44da6568b63bf6688b5a5d22b3e2995653e
- SHA512
  
  2c9ac3c202c1ce6a7f4f95c000b8d12e1158b4f9fa625d4b1327ae644d7e28562e9b61de90c66487f5c7010366e4bac7641c9c13f3e761d345e4d6c60e19a7b8
Score

10^/10

sakula persistence rat suricata trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- suricata: ET MALWARE SUSPICIOUS UA (iexplore)
  suricata: ET MALWARE SUSPICIOUS UA (iexplore)
  suricata
- suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
  suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistenceratsuricatatrojan

behavioral2

sakulapersistenceratsuricatatrojan

© 2018-2024

Terms | Privacy