General

  • Target

    05f9fa16273fac7c897181dc3013adf6c18d32e646d46882eb8a8be69ad4c4e2

  • Size

    216KB

  • Sample

    220212-mx6m8adagm

  • MD5

    a731b3dcaa88151463e707dedb06d13b

  • SHA1

    74bdeecc7dc3fa7928b403053ec6a1f6f80a6885

  • SHA256

    05f9fa16273fac7c897181dc3013adf6c18d32e646d46882eb8a8be69ad4c4e2

  • SHA512

    42b5d25eb5372592ea28ce132cd7260c1d573e25bf66bbb8195ea83419dcd6530b7d317edb2bee4a7b0a781224536d9e00cb0dce232b395eb9c9886069b66ffd

Malware Config

Targets

    • Target

      05f9fa16273fac7c897181dc3013adf6c18d32e646d46882eb8a8be69ad4c4e2

    • Size

      216KB

    • MD5

      a731b3dcaa88151463e707dedb06d13b

    • SHA1

      74bdeecc7dc3fa7928b403053ec6a1f6f80a6885

    • SHA256

      05f9fa16273fac7c897181dc3013adf6c18d32e646d46882eb8a8be69ad4c4e2

    • SHA512

      42b5d25eb5372592ea28ce132cd7260c1d573e25bf66bbb8195ea83419dcd6530b7d317edb2bee4a7b0a781224536d9e00cb0dce232b395eb9c9886069b66ffd

    • Sakula

      Sakula (also tracked as Sakurel, and as Mivast by some vendors) is a Windows remote access trojan that checks in with its command-and-control server over HTTP; the two Suricata signatures below fire on that beacon traffic.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      Emerging Threats rule that matches HTTP requests whose User-Agent header is the bare string "iexplore". A genuine Internet Explorer sends a full Mozilla-compatible string, so the bare process name on its own is a malware tell.

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      Emerging Threats rule that matches the HTTP check-in Sakula sends to its C2 server; together with the user-agent rule above it ties the observed network activity to this family.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
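The two Suricata signatures above are how this sample shows up on the wire. The script below is an added triage example, not part of this report and not Suricata's or Emerging Threats' own code: it reads Suricata EVE JSON, collects the two signature names listed above per source host, and separately flags HTTP events whose User-Agent is the bare token "iexplore" (the behaviour the first rule's name refers to; the exact-token match is this example's assumption, not the rule text). The EVE records, IP addresses and URLs embedded in it are constructed for illustration and are not indicators from this analysis.

```python
"""Triage Suricata EVE JSON for the two Sakula-related signatures this report lists.

Added example; the sample EVE records, IPs and URLs below are constructed and are
not indicators from the sandbox report.
"""
import json
from collections import defaultdict

# Signature names exactly as they appear in the report.
SIG_UA = "ET MALWARE SUSPICIOUS UA (iexplore)"
SIG_BEACON = "ET MALWARE Sakula/Mivast RAT CnC Beacon 1"
SAKULA_SIGNATURES = {SIG_UA, SIG_BEACON}

# A bare "iexplore" User-Agent is what the first rule's name refers to; a real
# browser sends a full Mozilla-compatible string. Exact-token matching is an
# assumption of this example, not the rule's actual content match.
BARE_IE_UA = "iexplore"

# Constructed EVE records (not from the report). One infected host (10.0.0.5),
# one clean host (10.0.0.7) and one host showing only the bare UA (10.0.0.9).
SAMPLE_EVE = r'''
{"timestamp":"2022-02-12T10:01:02.000000+0000","event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","http":{"hostname":"203.0.113.10","url":"/photo/view.jpg?id=1","http_user_agent":"iexplore","http_method":"GET","status":200}}
{"timestamp":"2022-02-12T10:01:02.000100+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","alert":{"signature":"ET MALWARE SUSPICIOUS UA (iexplore)","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2022-02-12T10:01:02.000200+0000","event_type":"alert","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","alert":{"signature":"ET MALWARE Sakula/Mivast RAT CnC Beacon 1","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2022-02-12T10:02:00.000000+0000","event_type":"http","src_ip":"10.0.0.7","dest_ip":"198.51.100.20","http":{"hostname":"example.test","url":"/","http_user_agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko","http_method":"GET","status":200}}
{"timestamp":"2022-02-12T10:03:00.000000+0000","event_type":"alert","src_ip":"10.0.0.7","dest_ip":"198.51.100.20","alert":{"signature":"ET INFO Some unrelated rule","category":"Misc activity","severity":3}}
this line is deliberately malformed and must be skipped
{"timestamp":"2022-02-12T10:04:00.000000+0000","event_type":"http","src_ip":"10.0.0.9","dest_ip":"192.0.2.30","http":{"hostname":"192.0.2.30","url":"/x","http_user_agent":"IEXPLORE","http_method":"GET","status":404}}
'''


def parse_eve(text):
    """Yield parsed EVE records, skipping blank or malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def triage(text):
    """Group evidence per source IP.

    Returns {src_ip: {"signatures": set, "bare_ua_dests": set, "verdict": str}}
    where verdict is "sakula_beacon" when the family-specific rule fired and
    "suspicious_ua" when only the generic user-agent evidence is present.
    Hosts with neither kind of evidence are omitted.
    """
    hosts = defaultdict(lambda: {"signatures": set(), "bare_ua_dests": set()})
    for ev in parse_eve(text):
        src = ev.get("src_ip")
        if not src:
            continue
        kind = ev.get("event_type")
        if kind == "alert":
            sig = ev.get("alert", {}).get("signature", "")
            if sig in SAKULA_SIGNATURES:
                hosts[src]["signatures"].add(sig)
        elif kind == "http":
            ua = ev.get("http", {}).get("http_user_agent", "")
            # Require the bare token (case-insensitive): substring matching on
            # "iexplore" would also hit legitimate user-agent strings.
            if ua.strip().lower() == BARE_IE_UA:
                hosts[src]["bare_ua_dests"].add(ev.get("dest_ip"))

    result = {}
    for src, info in hosts.items():
        if SIG_BEACON in info["signatures"]:
            verdict = "sakula_beacon"
        elif info["signatures"] or info["bare_ua_dests"]:
            verdict = "suspicious_ua"
        else:
            continue
        result[src] = {**info, "verdict": verdict}
    return result


if __name__ == "__main__":
    for src, info in sorted(triage(SAMPLE_EVE).items()):
        print(src, info["verdict"], sorted(info["signatures"]),
              sorted(info["bare_ua_dests"]))
```

The verdict split matters in practice: the family-specific beacon rule on its own justifies treating the host as Sakula-infected, while the user-agent rule (or the raw "iexplore" header) is a generic indicator shared with other malware and only justifies a closer look at the destination it was sent to.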

MITRE ATT&CK Enterprise v6

Tasks