General

  • Target

    04c89ed64019e3835b44157a97e63c614744527bfe294c7d0c775551c7b99441

  • Size

    216KB

  • Sample

    220212-ndmaxadcgk

  • MD5

    302d599e42b91c11e2be761923e2a619

  • SHA1

    c4e3f91cd0e3b2a94ac25769a1a182e850615444

  • SHA256

    04c89ed64019e3835b44157a97e63c614744527bfe294c7d0c775551c7b99441

  • SHA512

    300bc552240a70de253f0309230453b604b2268facf22d5f955c9f0298c7171e5e57eb5e8d97a9f6fb90de7ea2425aad286ba70724e9d0fe779a618855005b70

Malware Config

Targets

    • Target

      04c89ed64019e3835b44157a97e63c614744527bfe294c7d0c775551c7b99441

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks