sakula | 9f9e86b22b4f11c6e4c7defbd05eb64ea0f528a0913b5502d2dc534aee08ddb2 | Triage

Submit
Reports

Overview

overview

Static

static

9f9e86b22b...b2.exe

windows7_x64

9f9e86b22b...b2.exe

windows10-2004_x64

Sharing

General

Target

9f9e86b22b4f11c6e4c7defbd05eb64ea0f528a0913b5502d2dc534aee08ddb2
Size

512KB
Sample

220705-cr2rzadagj
MD5

95110cc7399723f17204990dec441fe6
SHA1

04f528f70fa09ef6180c19949e76d8eff4c6a3ea
SHA256

9f9e86b22b4f11c6e4c7defbd05eb64ea0f528a0913b5502d2dc534aee08ddb2
SHA512

339fff2cf29eaeb32431da1474befd5431dd2ad24e8bb3fd4706dce57d333239199d32a2322a92beb5c4e129d3b43170fb2fceba333bfb34c30e5eedc18d8bb7

Score

10^/10

sakula persistence rat suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

9f9e86b22b4f11c6e4c7defbd05eb64ea0f528a0913b5502d2dc534aee08ddb2.exe

Resource

win7-20220414-en

sakula persistence rat suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

9f9e86b22b4f11c6e4c7defbd05eb64ea0f528a0913b5502d2dc534aee08ddb2.exe

Resource

win10v2004-20220414-en

sakula persistence rat suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  9f9e86b22b4f11c6e4c7defbd05eb64ea0f528a0913b5502d2dc534aee08ddb2
- Size
  
  512KB
- MD5
  
  95110cc7399723f17204990dec441fe6
- SHA1
  
  04f528f70fa09ef6180c19949e76d8eff4c6a3ea
- SHA256
  
  9f9e86b22b4f11c6e4c7defbd05eb64ea0f528a0913b5502d2dc534aee08ddb2
- SHA512
  
  339fff2cf29eaeb32431da1474befd5431dd2ad24e8bb3fd4706dce57d333239199d32a2322a92beb5c4e129d3b43170fb2fceba333bfb34c30e5eedc18d8bb7
Score

10^/10

sakula persistence rat suricata trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- suricata: ET MALWARE SUSPICIOUS UA (iexplore)
  suricata: ET MALWARE SUSPICIOUS UA (iexplore)
  suricata
- suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
  suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 1
  suricata
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

sakulapersistenceratsuricatatrojan

behavioral2

sakulapersistenceratsuricatatrojan

© 2018-2024

Terms | Privacy