sakula | 03e05ab950b341677b795647ea6dd99e1cac32dc0ca38d2dd83343d526dba05c | Triage

Submit
Reports

Overview

overview

Static

static

03e05ab950...5c.exe

windows7_x64

03e05ab950...5c.exe

windows10-2004_x64

Sharing

General

Target

03e05ab950b341677b795647ea6dd99e1cac32dc0ca38d2dd83343d526dba05c
Size

150KB
Sample

220212-nrxnssdeej
MD5

504182fc577ef509bdf7d3438dc4845f
SHA1

d69dcf96bfc0fc88a77035459d5659a4a2100734
SHA256

03e05ab950b341677b795647ea6dd99e1cac32dc0ca38d2dd83343d526dba05c
SHA512

1f88aff8a5bcf43364a1d2d2ffd41348efaa0f96a43bb55444528bf80575c3e33a352dfdc041e6d38f827263daa1439d60ab7e9d4e68e96543a3bd764c7ee63b

Score

10^/10

sakula persistence rat suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

03e05ab950b341677b795647ea6dd99e1cac32dc0ca38d2dd83343d526dba05c.exe

Resource

win7-en-20211208

sakula persistence rat suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

03e05ab950b341677b795647ea6dd99e1cac32dc0ca38d2dd83343d526dba05c.exe

Resource

win10v2004-en-20220112

sakula persistence rat suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  03e05ab950b341677b795647ea6dd99e1cac32dc0ca38d2dd83343d526dba05c
- Size
  
  150KB
- MD5
  
  504182fc577ef509bdf7d3438dc4845f
- SHA1
  
  d69dcf96bfc0fc88a77035459d5659a4a2100734
- SHA256
  
  03e05ab950b341677b795647ea6dd99e1cac32dc0ca38d2dd83343d526dba05c
- SHA512
  
  1f88aff8a5bcf43364a1d2d2ffd41348efaa0f96a43bb55444528bf80575c3e33a352dfdc041e6d38f827263daa1439d60ab7e9d4e68e96543a3bd764c7ee63b
Score

10^/10

sakula persistence rat suricata trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- suricata: ET MALWARE SUSPICIOUS UA (iexplore)
  suricata: ET MALWARE SUSPICIOUS UA (iexplore)
  suricata
- suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
  suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistenceratsuricatatrojan

behavioral2

sakulapersistenceratsuricatatrojan

© 2018-2024

Terms | Privacy