General

  • Target

    0610398fed04a39d7635832ce60b4c3d2f9b467b0a20b07393e52ff1adb3cedf

  • Size

    92KB

  • Sample

    220212-mwh6jadaer

  • MD5

    733cac2ce9d760a66bfdff24ee6ae7ba

  • SHA1

    85414922f21253823d1192497caf3e171780c8aa

  • SHA256

    0610398fed04a39d7635832ce60b4c3d2f9b467b0a20b07393e52ff1adb3cedf

  • SHA512

    137863b41de45b9d60f0b4d80d669cafbea982d1d66ba475b373c38ba933669129213fe91a06ac388fecda31e72e5ccc67701cd63f7d23d9388cd7a7020b6b3f

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks