General

  • Target

    061bb2dd43b34958dbb1105f5e867b9b6deee4c884f1126883828960c1a4e1f8

  • Size

    216KB

  • Sample

    220212-mvx83adaek

  • MD5

    175d29472ce4a9911f393a9606ae8cb1

  • SHA1

    82bc9c1bd599e26d742972a86831a44be5bf8a71

  • SHA256

    061bb2dd43b34958dbb1105f5e867b9b6deee4c884f1126883828960c1a4e1f8

  • SHA512

    ecf899200d9b91b82f6e68b0e3f5ef0f6f1e7dbff73e4190ef87e6fa9cf4f2019befb0839bd6b4eb31837c7f2622d3b81238e49b01c17d51d59a92fb83400546

Malware Config

Targets

    • Sakula

      Sakula (also tracked as Mivast) is a remote access trojan; the Suricata hits below are its HTTP command-and-control beaconing.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution to (or away from) particular locales.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
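The script below is an added example, not Triage output and not code from the sample, that turns the indicators on this page into checks an analyst can run on their own artifacts: it verifies a file against the four digests listed under General, flags proxy-log requests carrying the bare "iexplore" User-Agent the Suricata rule is named after, and picks out the geofence registry lookup and the Run-key write from a Procmon-style event export. The proxy-log and CSV column layouts, the sample lines, the registry value paths (Control Panel\International\Geo\Nation for the GeoID, CurrentVersion\Run for persistence) and the assumption that the ET rule keys on the literal User-Agent string are all mine, not data taken from the report.

```python
"""Apply this report's indicators to your own artifacts.

Added example, not Triage output and not the sample's code. Three checks:
  1. does a file match the four digests listed under General;
  2. which proxy-log requests carry the bare "iexplore" User-Agent named in
     the Suricata rule (assumption: that rule keys on the literal UA string);
  3. which Procmon-style registry events match the geofence lookup and the
     Run-key persistence listed under Targets (the key paths and the log
     column layout are assumptions, not data from the report).
"""
import hashlib
import re
from typing import Dict, List

# Digests copied from the General section of the report.
REPORT_HASHES: Dict[str, str] = {
    "md5": "175d29472ce4a9911f393a9606ae8cb1",
    "sha1": "82bc9c1bd599e26d742972a86831a44be5bf8a71",
    "sha256": "061bb2dd43b34958dbb1105f5e867b9b6deee4c884f1126883828960c1a4e1f8",
    "sha512": "ecf899200d9b91b82f6e68b0e3f5ef0f6f1e7dbff73e4190ef87e6fa9cf4f2019befb0839bd6b4eb31837c7f2622d3b81238e49b01c17d51d59a92fb83400546",
}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute every digest the report lists, in one pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same as digest_bytes but streamed, for samples too large to read whole."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm verdict. All True: you hold the analysed sample.
    All False: a different file. A mix: the report or your copy is corrupt."""
    return {name: digests.get(name, "").lower() == expected
            for name, expected in REPORT_HASHES.items()}


# Constructed proxy-log lines (not from the report): ts client method url "user-agent".
SAMPLE_PROXY_LOG = """
2022-02-12T10:03:11Z 10.0.0.15 GET http://203.0.113.7/index.asp "iexplore"
2022-02-12T10:03:12Z 10.0.0.15 GET http://203.0.113.7/favicon.ico "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2022-02-12T10:04:40Z 10.0.0.22 GET http://198.51.100.3/update "IEXPLORE"
"""
PROXY_RE = re.compile(r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) "(?P<ua>[^"]*)"$')


def suspicious_ua_hits(log_text: str) -> List[Dict[str, str]]:
    """Requests whose User-Agent is exactly 'iexplore' (case-insensitive).

    An exact match rather than a substring test: a genuine browser UA never
    equals the bare word, while substring matching would false-positive on
    any UA that merely mentions it."""
    hits = []
    for line in log_text.strip().splitlines():
        m = PROXY_RE.match(line)
        if m and m["ua"].strip().lower() == "iexplore":
            hits.append({"ts": m["ts"], "client": m["client"], "url": m["url"]})
    return hits


# Assumed registry locations: the value Windows keeps the user's GeoID under,
# and the per-user Run key the "Adds Run key" signature refers to.
GEO_NATION_KEY = "hkcu\\control panel\\international\\geo\\nation"
RUN_KEY_FRAGMENT = "\\currentversion\\run\\"

# Constructed Procmon-style export (not from the report): Time,Process,PID,Operation,Path,Result
SAMPLE_REGISTRY_EVENTS = """
10:03:09.1,sample.exe,4120,RegQueryValue,HKCU\\Control Panel\\International\\Geo\\Nation,SUCCESS
10:03:09.4,sample.exe,4120,RegSetValue,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater,SUCCESS
10:03:09.5,explorer.exe,1532,RegQueryValue,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive,SUCCESS
"""


def registry_hits(csv_text: str) -> List[Dict[str, str]]:
    """Geofence lookups (a read of the GeoID value) and Run-key persistence
    (a write beneath a Run key); reads of Run keys by explorer.exe are normal."""
    hits = []
    for line in csv_text.strip().splitlines():
        _time, proc, pid, op, path, _result = line.split(",", 5)
        lowered = path.lower()
        if op == "RegQueryValue" and lowered == GEO_NATION_KEY:
            hits.append({"process": proc, "pid": pid, "indicator": "geofence-lookup", "path": path})
        elif op == "RegSetValue" and RUN_KEY_FRAGMENT in lowered:
            hits.append({"process": proc, "pid": pid, "indicator": "run-key-persistence", "path": path})
    return hits


if __name__ == "__main__":
    print(matches_report(digest_bytes(b"")))       # all False: empty input is not the sample
    print(suspicious_ua_hits(SAMPLE_PROXY_LOG))    # two hits, one per infected client
    print(registry_hits(SAMPLE_REGISTRY_EVENTS))   # geofence lookup and Run-key write by PID 4120
```

Point digest_file at your copy of the sample before trusting anything else on this page: a partial digest match means either the report or the copy is wrong, and a full mismatch means you are looking at a different file. The registry check deliberately keys on the operation (RegSetValue versus RegQueryValue), since every logon shell reads the Run keys and only a write there is persistence.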

MITRE ATT&CK Enterprise v6

Tasks