General

  • Target

    0293b23c5ce17c34b0373bddd4f3ff03e9abd2a88816fb4d87eb5a61745af836

  • Size

    216KB

  • Sample

    220212-n76lmsdgdk

  • MD5

    2bd394aef3becbf778964d64663c6201

  • SHA1

    147c708e0d1fd203e1db0ab728b08f503777a2e9

  • SHA256

    0293b23c5ce17c34b0373bddd4f3ff03e9abd2a88816fb4d87eb5a61745af836

  • SHA512

    1acf4a30cff5bfd384b1617188f4ec8191c4c0cb9cfb03423547317abac9e3848ae692f78566bd078b2d9bc17fd5bf5b2b36a4d766c7a0c3411ed7904255299d

Malware Config

Targets

    • Target

      0293b23c5ce17c34b0373bddd4f3ff03e9abd2a88816fb4d87eb5a61745af836

    • Size

      216KB

    • MD5

      2bd394aef3becbf778964d64663c6201

    • SHA1

      147c708e0d1fd203e1db0ab728b08f503777a2e9

    • SHA256

      0293b23c5ce17c34b0373bddd4f3ff03e9abd2a88816fb4d87eb5a61745af836

    • SHA512

      1acf4a30cff5bfd384b1617188f4ec8191c4c0cb9cfb03423547317abac9e3848ae692f78566bd078b2d9bc17fd5bf5b2b36a4d766c7a0c3411ed7904255299d

    • Sakula

      Sakula (also tracked as Mivast) is a Windows remote access trojan. In this run it beacons to its C2 over HTTP, which is what the two Suricata alerts below flag.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check (the payload runs, or refuses to run, only in particular countries).

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
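The signature names above are the sandbox's labels for behaviours observed in the trace. The script below is an added example, not the sandbox's or Suricata's own signature code: it re-derives the same six verdicts (execution of a dropped EXE, loading of a dropped DLL, the country-code lookup, the Run-key persistence, self-deletion, and the `iexplore` User-Agent) from a constructed event trace. The trace, its paths, PIDs and C2 address are invented; the registry paths it matches (`Control Panel\International\Geo\Nation` for the country code, `...\CurrentVersion\Run` for persistence) and the literal `iexplore` User-Agent are assumptions about what the report's signatures look for, not facts taken from this page. The "Sakula/Mivast RAT CnC Beacon 1" rule is not reproduced because its byte pattern is not on the page.

```python
"""Re-derive the report's host and network signatures from a constructed
sandbox event trace. Added example; not Triage or Suricata code."""
import re

# Constructed trace (invented paths, PIDs and C2 host). Each event is a dict
# with a "type" and the fields a sandbox would log for that event kind.
SAMPLE_TRACE = [
    {"type": "process_start", "pid": 1000,
     "image": r"C:\Users\u\Desktop\sample.exe"},
    {"type": "file_write", "pid": 1000,
     "path": r"C:\Users\u\AppData\Local\Temp\drop.exe"},
    {"type": "file_write", "pid": 1000,
     "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"type": "process_create", "pid": 1000, "child_pid": 1100,
     "image": r"C:\Users\u\AppData\Local\Temp\drop.exe"},
    {"type": "load_library", "pid": 1100,
     "path": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"type": "reg_query", "pid": 1100,
     "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"type": "reg_set", "pid": 1100, "name": "Updater",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "data": r"C:\Users\u\AppData\Local\Temp\drop.exe"},
    {"type": "process_create", "pid": 1000, "child_pid": 1200,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c del "C:\Users\u\Desktop\sample.exe"'},
    {"type": "http_request", "pid": 1100, "host": "198.51.100.10",
     "headers": {"User-Agent": "iexplore"}},
    {"type": "http_request", "pid": 1100, "host": "198.51.100.10",
     "headers": {"User-Agent": "Mozilla/5.0"}},
]

# Assumed registry locations behind the report's signatures (not from the page).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)$", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
# "del <path>" in a command line; path may be quoted.
DEL_RE = re.compile(r'\bdel\b\s+"?([^"\s]+)"?', re.I)
# Assumed literal User-Agent named by the ET rule title.
SUSPICIOUS_UA = {"iexplore"}


def run_signatures(trace):
    """Return the set of signature labels triggered by an event trace."""
    hits = set()
    dropped = set()   # files the sample wrote (lower-cased paths)
    images = {}       # pid -> image path of the process, lower-cased
    for ev in trace:
        t = ev["type"]
        if t == "process_start":
            images[ev["pid"]] = ev["image"].lower()
        elif t == "file_write":
            dropped.add(ev["path"].lower())
        elif t == "process_create":
            image = ev["image"].lower()
            images[ev["child_pid"]] = image
            if image in dropped:
                hits.add("Executes dropped EXE")
            # Self-deletion: a child "del" whose target is the parent's own image.
            m = DEL_RE.search(ev.get("cmdline", ""))
            if m and m.group(1).lower() == images.get(ev["pid"]):
                hits.add("Deletes itself")
        elif t == "load_library":
            if ev["path"].lower() in dropped:
                hits.add("Loads dropped DLL")
        elif t == "reg_query":
            if GEO_KEY_RE.search(ev["key"]):
                hits.add("Checks computer location settings")
        elif t == "reg_set":
            if RUN_KEY_RE.search(ev["key"]):
                hits.add("Adds Run key to start application")
        elif t == "http_request":
            ua = ev["headers"].get("User-Agent", "").strip().lower()
            if ua in SUSPICIOUS_UA:
                hits.add("suricata: ET MALWARE SUSPICIOUS UA (iexplore)")
    return hits


if __name__ == "__main__":
    for label in sorted(run_signatures(SAMPLE_TRACE)):
        print(label)
```

The ordering of events matters for two of the checks: a file only counts as "dropped" once a write to it has been seen, and self-deletion is only recognised when the `del` target equals the image of the process that spawned the deleting child. Both are deliberate, since flagging any `del` of an `.exe`, or any execution out of `%TEMP%`, would fire on ordinary installers.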

MITRE ATT&CK Enterprise v6

Tasks