sakula | 079dc0972907f527d50659283d6a64f4c336279812e87ad429b23792cab2e0da | Triage

Submit
Reports

Overview

overview

Static

static

079dc09729...da.exe

windows7_x64

079dc09729...da.exe

windows10-2004_x64

Sharing

General

Target

079dc0972907f527d50659283d6a64f4c336279812e87ad429b23792cab2e0da
Size

100KB
Sample

220212-mcc56scgar
MD5

cad0ce7e8c118a6eaf246627146f2113
SHA1

c5746bdaa4be3a30e400b2565d581c1038fd392c
SHA256

079dc0972907f527d50659283d6a64f4c336279812e87ad429b23792cab2e0da
SHA512

b4fd1e3fe362c61fe22d1514a3c06e6baf5fd1c4d1edcb21d6f4ea0882a7ca94b45fada976fa9fe64230ae7e8f6b090b84f9d422bb27239f25ac6d6c7c3102dd

Score

10^/10

sakula persistence rat suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

079dc0972907f527d50659283d6a64f4c336279812e87ad429b23792cab2e0da.exe

Resource

win7-en-20211208

sakula persistence rat suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

079dc0972907f527d50659283d6a64f4c336279812e87ad429b23792cab2e0da.exe

Resource

win10v2004-en-20220113

sakula persistence rat suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  079dc0972907f527d50659283d6a64f4c336279812e87ad429b23792cab2e0da
- Size
  
  100KB
- MD5
  
  cad0ce7e8c118a6eaf246627146f2113
- SHA1
  
  c5746bdaa4be3a30e400b2565d581c1038fd392c
- SHA256
  
  079dc0972907f527d50659283d6a64f4c336279812e87ad429b23792cab2e0da
- SHA512
  
  b4fd1e3fe362c61fe22d1514a3c06e6baf5fd1c4d1edcb21d6f4ea0882a7ca94b45fada976fa9fe64230ae7e8f6b090b84f9d422bb27239f25ac6d6c7c3102dd
Score

10^/10

sakula persistence rat suricata trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- suricata: ET MALWARE SUSPICIOUS UA (iexplore)
  suricata: ET MALWARE SUSPICIOUS UA (iexplore)
  suricata
- suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
  suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistenceratsuricatatrojan

behavioral2

sakulapersistenceratsuricatatrojan

© 2018-2024

Terms | Privacy