sakula | 052d285b43fa67a95e17aa19d0bd9d00eeb36051d7d1298b6d0d1ac49dd05b46 | Triage

Submit
Reports

Overview

overview

Static

static

052d285b43...46.exe

windows7_x64

052d285b43...46.exe

windows10-2004_x64

Sharing

General

Target

052d285b43fa67a95e17aa19d0bd9d00eeb36051d7d1298b6d0d1ac49dd05b46
Size

112KB
Sample

220212-m9g6dsdcbq
MD5

3fabeed2ebde29436fe1ec892a6a1cf7
SHA1

8247ede14dd40c44a98a992af13781de61ae380e
SHA256

052d285b43fa67a95e17aa19d0bd9d00eeb36051d7d1298b6d0d1ac49dd05b46
SHA512

ca1095e064c205844dcb26c53dfa8ebe49ae888da9c489f51077145dce8f1e7fce838c8e8798756feb8fa4bef87231e523835c3abc3355ec070d678fadf9ed6e

Score

10^/10

sakula persistence rat suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

052d285b43fa67a95e17aa19d0bd9d00eeb36051d7d1298b6d0d1ac49dd05b46.exe

Resource

win7-en-20211208

sakula persistence rat suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

052d285b43fa67a95e17aa19d0bd9d00eeb36051d7d1298b6d0d1ac49dd05b46.exe

Resource

win10v2004-en-20220112

sakula persistence rat suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  052d285b43fa67a95e17aa19d0bd9d00eeb36051d7d1298b6d0d1ac49dd05b46
- Size
  
  112KB
- MD5
  
  3fabeed2ebde29436fe1ec892a6a1cf7
- SHA1
  
  8247ede14dd40c44a98a992af13781de61ae380e
- SHA256
  
  052d285b43fa67a95e17aa19d0bd9d00eeb36051d7d1298b6d0d1ac49dd05b46
- SHA512
  
  ca1095e064c205844dcb26c53dfa8ebe49ae888da9c489f51077145dce8f1e7fce838c8e8798756feb8fa4bef87231e523835c3abc3355ec070d678fadf9ed6e
Score

10^/10

sakula persistence rat suricata trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- suricata: ET MALWARE SUSPICIOUS UA (iexplore)
  suricata: ET MALWARE SUSPICIOUS UA (iexplore)
  suricata
- suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
  suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistenceratsuricatatrojan

behavioral2

sakulapersistenceratsuricatatrojan

© 2018-2024

Terms | Privacy