General

  • Target

    a2e5236b9facabd44e2291c6fe7289a1022f1a461db2894c99e3fc91c51e5c24

  • Size

    58KB

  • Sample

    210924-gzcv2agbb4

  • MD5

    eb8e2d67cde387d87a3d78a52a477fb4

  • SHA1

    4138900c2fd72ddfa8fbeedb74bdc460d9a3a42b

  • SHA256

    a2e5236b9facabd44e2291c6fe7289a1022f1a461db2894c99e3fc91c51e5c24

  • SHA512

    d085267cbfdb096391e5d80353fa08ca9d448e225ce3505f0cd1fb5c45728a7c4495c537d079e8c894baaa94ab07f5e22a2cc7430dc42b870e4da37de0ac32c0

Malware Config

Targets

    • Sakula

      Sakula (also tracked as Sakurel) is a Windows remote access trojan that gives its operator remote control of the infected host; the signatures below are the behaviours observed for this sample.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application
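
The four behavioural signatures above can be replayed as detection logic. The block below is an added example, not code from the report or from Sakula: it walks a constructed Sysmon-style event trace that mirrors what the report says the sample does (drop an EXE and a DLL, run the EXE, load the DLL, write a Run value, delete the original file via cmd /c del) and reports which signatures fire. The Sysmon event IDs and field names are real (1 process create, 7 image load, 11 file create, 13 registry value set, 23 file delete), but every path, PID and SID in EVENTS is hypothetical; only the SHA256 is the one published in the report. Tagging the Run-key write with both T1060 and T1112 is my reading of the report's ATT&CK mapping, not something the report states per signature.

```python
"""Replay the report's behavioural signatures as rules over Sysmon-style events.

Added example (not the report's or the malware's code). EVENTS is a constructed
trace: all paths, PIDs and the SID are hypothetical; SAMPLE_SHA256 is from the report.
"""
import re
from typing import Dict, List

SAMPLE_SHA256 = "a2e5236b9facabd44e2291c6fe7289a1022f1a461db2894c99e3fc91c51e5c24"

# Sysmon event IDs used below (Sysmon 11+ for FileDelete).
PROCESS_CREATE, IMAGE_LOAD, FILE_CREATE, REG_VALUE_SET, FILE_DELETE = 1, 7, 11, 13, 23

# Matches HKLM/HKCU/HKU ...\Software\Microsoft\Windows\CurrentVersion\Run and RunOnce.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE
)

# Hypothetical paths for the original sample and the files it drops.
ORIG = r"C:\Users\victim\AppData\Local\Temp\a2e5236b.exe"
DROP_EXE = r"C:\Users\victim\AppData\Roaming\upd\svc.exe"
DROP_DLL = r"C:\Users\victim\AppData\Roaming\upd\helper.dll"
CMD = r"C:\Windows\System32\cmd.exe"

# Constructed trace in the order the sandbox would observe it.
EVENTS: List[dict] = [
    {"EventID": PROCESS_CREATE, "ProcessId": 4120, "ParentProcessId": 2236,
     "Image": ORIG, "Hashes": f"SHA256={SAMPLE_SHA256}"},
    {"EventID": FILE_CREATE, "ProcessId": 4120, "Image": ORIG, "TargetFilename": DROP_EXE},
    {"EventID": FILE_CREATE, "ProcessId": 4120, "Image": ORIG, "TargetFilename": DROP_DLL},
    {"EventID": PROCESS_CREATE, "ProcessId": 4388, "ParentProcessId": 4120, "Image": DROP_EXE},
    {"EventID": IMAGE_LOAD, "ProcessId": 4388, "Image": DROP_EXE, "ImageLoaded": DROP_DLL},
    {"EventID": REG_VALUE_SET, "ProcessId": 4388, "Image": DROP_EXE,
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows"
                     r"\CurrentVersion\Run\Updater",
     "Details": DROP_EXE},
    {"EventID": PROCESS_CREATE, "ProcessId": 4402, "ParentProcessId": 4120, "Image": CMD,
     "CommandLine": f'cmd.exe /c del "{ORIG}"'},
    {"EventID": FILE_DELETE, "ProcessId": 4402, "Image": CMD, "TargetFilename": ORIG},
]

# Signature -> ATT&CK v6 IDs (my reading of the report's Persistence/Defense Evasion rows).
ATTACK_V6 = {"Adds Run key to start application": ["T1060", "T1112"]}


def analyse(events: List[dict]) -> Dict[str, List[str]]:
    """Return {signature: [evidence]} for every report signature the trace triggers."""
    dropped = set()                      # lower-cased paths written during the trace
    image_of_pid: Dict[int, str] = {}    # pid -> executable path
    parent_of_pid: Dict[int, int] = {}   # pid -> parent pid
    hits: Dict[str, List[str]] = {}

    def record(sig: str, evidence: str) -> None:
        hits.setdefault(sig, []).append(evidence)

    for ev in events:
        eid = ev["EventID"]
        if eid == PROCESS_CREATE:
            pid, image = ev["ProcessId"], ev["Image"]
            image_of_pid[pid] = image
            parent_of_pid[pid] = ev.get("ParentProcessId")
            if image.lower() in dropped:                 # "Executes dropped EXE"
                record("Executes dropped EXE", f"{image} (pid {pid})")
        elif eid == FILE_CREATE:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == IMAGE_LOAD:
            if ev["ImageLoaded"].lower() in dropped:     # "Loads dropped DLL"
                record("Loads dropped DLL", f"{ev['Image']} loaded {ev['ImageLoaded']}")
        elif eid == REG_VALUE_SET:
            if RUN_KEY_RE.search(ev["TargetObject"]):    # "Adds Run key to start application"
                record("Adds Run key to start application",
                       f"{ev['TargetObject']} = {ev['Details']}")
        elif eid == FILE_DELETE:
            # "Deletes itself": the deleted file is the image of the deleting process
            # or of its parent, which covers the common cmd /c del pattern.
            target = ev["TargetFilename"].lower()
            pid = ev["ProcessId"]
            chain = [p for p in (pid, parent_of_pid.get(pid)) if p is not None]
            if any(image_of_pid.get(p, "").lower() == target for p in chain):
                record("Deletes itself", f"{ev['Image']} deleted {ev['TargetFilename']}")
    return hits


def attack_ids(hits: Dict[str, List[str]]) -> List[str]:
    """Collapse fired signatures into the sorted set of ATT&CK v6 technique IDs."""
    return sorted({t for sig in hits for t in ATTACK_V6.get(sig, [])})


if __name__ == "__main__":
    found = analyse(EVENTS)
    for sig, evidence in found.items():
        print(f"{sig}: {'; '.join(evidence)}")
    print("ATT&CK:", ", ".join(attack_ids(found)))
```

The self-delete rule only looks one level up the parent chain; a sample that deletes itself through a longer process chain, or via a scheduled task, would need the full ancestry tracked. The "dropped" set is also trace-local, so a file written in an earlier session would not be recognised without persisting it.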

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Registry Run Keys / Startup Folder (T1060), 1 match

  • Defense Evasion: Modify Registry (T1112), 1 match

  • Discovery: System Information Discovery (T1082), 1 match

  • Discovery: Remote System Discovery (T1018), 1 match

Tasks