General

  • Target

    0435f1cbbae0ceddb656cfccf80ac2847a2af083376bf6f0d5bff0ceb6030d3d

  • Size

    216KB

  • Sample

    220212-nmk47sddhj

  • MD5

    83bf2fbc4432622355df91491c51e197

  • SHA1

    33cd5b9c6076e049faf40c3b8f3871813335cf54

  • SHA256

    0435f1cbbae0ceddb656cfccf80ac2847a2af083376bf6f0d5bff0ceb6030d3d

  • SHA512

    54523d5c78a0ed5f2c77c3904114890bf80e19a301b3e264862a70f1afa47662655defec157eb27759a9ec196b016f2eacdc160948cef610ee22cb708f430657

Malware Config

Targets

    • Target

      0435f1cbbae0ceddb656cfccf80ac2847a2af083376bf6f0d5bff0ceb6030d3d

    • Size

      216KB

    • MD5

      83bf2fbc4432622355df91491c51e197

    • SHA1

      33cd5b9c6076e049faf40c3b8f3871813335cf54

    • SHA256

      0435f1cbbae0ceddb656cfccf80ac2847a2af083376bf6f0d5bff0ceb6030d3d

    • SHA512

      54523d5c78a0ed5f2c77c3904114890bf80e19a301b3e264862a70f1afa47662655defec157eb27759a9ec196b016f2eacdc160948cef610ee22cb708f430657

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks