General
Target

a2e5236b9facabd44e2291c6fe7289a1022f1a461db2894c99e3fc91c51e5c24

Size

58KB

Sample

210924-gzcv2agbb4

Score
10/10
MD5

eb8e2d67cde387d87a3d78a52a477fb4

SHA1

4138900c2fd72ddfa8fbeedb74bdc460d9a3a42b

SHA256

a2e5236b9facabd44e2291c6fe7289a1022f1a461db2894c99e3fc91c51e5c24

SHA512

d085267cbfdb096391e5d80353fa08ca9d448e225ce3505f0cd1fb5c45728a7c4495c537d079e8c894baaa94ab07f5e22a2cc7430dc42b870e4da37de0ac32c0

Malware Config
Targets
Target

a2e5236b9facabd44e2291c6fe7289a1022f1a461db2894c99e3fc91c51e5c24

MD5

eb8e2d67cde387d87a3d78a52a477fb4

Filesize

58KB

Score
10/10
SHA1

4138900c2fd72ddfa8fbeedb74bdc460d9a3a42b

SHA256

a2e5236b9facabd44e2291c6fe7289a1022f1a461db2894c99e3fc91c51e5c24

SHA512

d085267cbfdb096391e5d80353fa08ca9d448e225ce3505f0cd1fb5c45728a7c4495c537d079e8c894baaa94ab07f5e22a2cc7430dc42b870e4da37de0ac32c0

Tags

Signatures

  • Sakula

    Description

    Sakula is a remote access trojan with various capabilities.

    Tags

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup FolderModify Registry

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Privilege Escalation
                    Tasks

                    static1

                    Score
                    N/A

                    behavioral1

                    Score
                    10/10

                    behavioral2

                    Score
                    10/10