General

  • Target

    03607ba96672641cc210702c6f9f3c4164cd9793a06f9da9b376a6b4349cf604

  • Size

    216KB

  • Sample

    220212-nyfzmadfcm

  • MD5

    ada3019a72fe4233a3e9631d298929fd

  • SHA1

    1b7c91aefbab7ba8551eb3523908cdca130f93d3

  • SHA256

    03607ba96672641cc210702c6f9f3c4164cd9793a06f9da9b376a6b4349cf604

  • SHA512

    accd78ed6433ad252ff224523f78d77ebfd2a0289ed1d650ce81a1310253e3a844048ad7325627571f2a65e45da3400fdae8605f9e0d3cc0aca2db0af4f80411

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula Payload

    • suricata: ET MALWARE SUSPICIOUS UA (iexplore)

    • suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks