Overview

overview

10

Static

static

10

06f01bfa7c...b7.exe

windows7_x64

10

06f01bfa7c...b7.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    06f01bfa7cfca92b64d533d0f9b46416c52169f5682cee019a99591aa2471cb7

  • Size

    176KB

  • Sample

    220212-mkbx3schcn

  • MD5

    72370f5c346b8bd221d6af9d5d8d9eb5

  • SHA1

    c2b04e8f5136d1cfbc80afe5abbc4066e8697e0d

  • SHA256

    06f01bfa7cfca92b64d533d0f9b46416c52169f5682cee019a99591aa2471cb7

  • SHA512

    a3f9429fb9f297401f84ab5252e15dcbfc4e4d63445081d21893e0ba6999d817f662c3d69b9edfdaf3ee2fcc77cc57d0c8e824b434af73ff5ad65adc89b28143

Score
10/10
sakulapersistenceratsuricatatrojan

Malware Config

Targets

    • Target

      06f01bfa7cfca92b64d533d0f9b46416c52169f5682cee019a99591aa2471cb7

    • Size

      176KB

    • MD5

      72370f5c346b8bd221d6af9d5d8d9eb5

    • SHA1

      c2b04e8f5136d1cfbc80afe5abbc4066e8697e0d

    • SHA256

      06f01bfa7cfca92b64d533d0f9b46416c52169f5682cee019a99591aa2471cb7

    • SHA512

      a3f9429fb9f297401f84ab5252e15dcbfc4e4d63445081d21893e0ba6999d817f662c3d69b9edfdaf3ee2fcc77cc57d0c8e824b434af73ff5ad65adc89b28143

    Score
    10/10
    sakulapersistenceratsuricatatrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks