General

  • Target

    059bd8c35332459c2b2e512835f43986f013e5c7edcce96b8ba7012826e35dcf

  • Size

    89KB

  • Sample

    220212-m3n1csdbcr

  • MD5

    0a872bcec45661087fd44dabcd51f820

  • SHA1

    e5929be30ed166730b2988f9de350f45f6d59edf

  • SHA256

    059bd8c35332459c2b2e512835f43986f013e5c7edcce96b8ba7012826e35dcf

  • SHA512

    7a96a8b06d20f058052862f0a557ddba5c3507066c7256a85bc691e118d39582e514d901ea53ccebb92c7ab4a2c828fe5028a2d0f730b7a5dd748496f60fec9d

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks