Resubmissions

  • 28-02-2022 15:52  220228-tbj1nagabj  10
  • 28-02-2021 07:10  210228-f7bg27p6bj  1

General

  • Target: 99ec328bcbd54812cedd440448412187f1237e6b8f087e3a6dec0ec5421ed2b8
  • Size: 80KB
  • Sample: 220228-tbj1nagabj
  • MD5: adb692a6723aecf736f9314a6bf64b8f
  • SHA1: 6b059d15b577fca1c0815e1051378e9955b7c7fd
  • SHA256: 99ec328bcbd54812cedd440448412187f1237e6b8f087e3a6dec0ec5421ed2b8
  • SHA512: 114b03b4a8a0feb6a18acf8ec3077754549756f0327f7684cc716ec6b49601c5f9fb4a6c06147c94809c79768adbe24211a34ef7fb1d1e7e6e74660478e0186c

Malware Config

Targets


    • Sakula: Sakula is a remote access trojan with various capabilities.
    • suricata: ET MALWARE Possible DEEP PANDA C2 Activity
    • suricata: ET MALWARE Possible Deep Panda - Sakula/Mivast RAT CnC Beacon 5
    • suricata: ET MALWARE Sakula/Mivast C2 Activity

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                            ID     Count
  Persistence      Registry Run Keys / Startup Folder   T1060  1
  Defense Evasion  Modify Registry                      T1112  2
  Discovery        Remote System Discovery              T1018  1
