General

  • Target

    05d0d205051d74c73e5c88c78663a7a3b796d91668938aaab02f399a51b63ddb

  • Size

    188KB

  • Sample

    220212-mz6e8sdbaj

  • MD5

    bf2412da2f63eada23ba9e783c4cdd30

  • SHA1

    1e4e7e19ad79374006cec1893ad3790452de9175

  • SHA256

    05d0d205051d74c73e5c88c78663a7a3b796d91668938aaab02f399a51b63ddb

  • SHA512

    26c026f4374ddf690adee32c1c21670fe24955305b00c362f7ce032fc4d81d04a0245dc72c30d3fd51613e60b94b56e661528d34e8bfd12d062efecb05934926

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

      suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

      suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks