Analysis Overview
SHA256
2ae57232052a4d9b91056d0b59dde89559e90cc81bb77cb6f9fadf0cd607d753
Threat Level: Known bad
The file 2ae57232052a4d9b91056d0b59dde89559e90cc81bb77cb6f9fadf0cd607d753 was found to be: Known bad.
Malicious Activity Summary
Sakula family
suricata: ET MALWARE SUSPICIOUS UA (iexplore)
suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
Sakula Payload
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-05-24 18:03
Signatures
Sakula Payload
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Sakula family
Analysis: behavioral1
Detonation Overview
Submitted
2022-05-24 18:03
Reported
2022-05-24 18:36
Platform
win7-20220414-en
Max time network
125s
Command Line
Signatures
suricata: ET MALWARE SUSPICIOUS UA (iexplore)
suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.polarroute.com | udp |
| US | 204.11.56.48:80 | www.polarroute.com | tcp |
| US | 204.11.56.48:80 | www.polarroute.com | tcp |
| US | 204.11.56.48:80 | www.polarroute.com | tcp |
| US | 204.11.56.48:80 | www.polarroute.com | tcp |
| US | 8.8.8.8:53 | www.northpoleroute.com | udp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2022-05-24 18:03
Reported
2022-05-24 18:36
Platform
win10v2004-20220414-en
Max time network
126s
Command Line
Signatures
suricata: ET MALWARE SUSPICIOUS UA (iexplore)
suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | www.polarroute.com | udp |
| US | 204.11.56.48:80 | www.polarroute.com | tcp |
| US | 204.11.56.48:80 | www.polarroute.com | tcp |
| US | 8.8.8.8:53 | www.northpoleroute.com | udp |