Overview

overview

10

Static

static

dfff15bafd...1c.exe

windows7_x64

10

dfff15bafd...1c.exe

windows10_x64

10

dfff15bafd...1c.exe

windows10-2004_x64

10

Resubmissions

22-02-2022 12:38

220222-pt2afaaabn 10

06-07-2020 07:26

200706-je7e9l28s2 1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dfff15bafd692a0fdaba1112db5e45bf833beded493f1f97f4264b175ade1a1c

  • Size

    77KB

  • Sample

    220222-pt2afaaabn

  • MD5

    cce983f04093a936e29dbf1d7078bc53

  • SHA1

    619637bdcb8ed1a59e36e6badd1a189bdb35bc2f

  • SHA256

    dfff15bafd692a0fdaba1112db5e45bf833beded493f1f97f4264b175ade1a1c

  • SHA512

    2d84b360e7d5c636b5a893de51a2bc49392731660562be5a1117f9924d6e3f872d74af6a279b71fbb4cb4b1430ca02395d5e160a945d125cf1d3fef9b615d0a5

Score
10/10
sakulapersistenceratsuricatatrojan

Malware Config

Targets

    • Target

      dfff15bafd692a0fdaba1112db5e45bf833beded493f1f97f4264b175ade1a1c

    • Size

      77KB

    • MD5

      cce983f04093a936e29dbf1d7078bc53

    • SHA1

      619637bdcb8ed1a59e36e6badd1a189bdb35bc2f

    • SHA256

      dfff15bafd692a0fdaba1112db5e45bf833beded493f1f97f4264b175ade1a1c

    • SHA512

      2d84b360e7d5c636b5a893de51a2bc49392731660562be5a1117f9924d6e3f872d74af6a279b71fbb4cb4b1430ca02395d5e160a945d125cf1d3fef9b615d0a5

    Score
    10/10
    sakulapersistenceratsuricatatrojan

    • Sakula

      Sakula is a remote access trojan with various capabilities.

      trojanratsakula

    • suricata: ET MALWARE Possible DEEP PANDA C2 Activity

      suricata: ET MALWARE Possible DEEP PANDA C2 Activity

      suricata

    • suricata: ET MALWARE Possible Deep Panda - Sakula/Mivast RAT CnC Beacon 5

      suricata: ET MALWARE Possible Deep Panda - Sakula/Mivast RAT CnC Beacon 5

      suricata

    • suricata: ET MALWARE Sakula/Mivast C2 Activity

      suricata: ET MALWARE Sakula/Mivast C2 Activity

      suricata

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks