sakula | 50fa6fff60ad5a33c55f2d87299a46d3f1aa8631524311349ef9bd83566e1a12 | Triage

Sharing

General

Target

50fa6fff60ad5a33c55f2d87299a46d3f1aa8631524311349ef9bd83566e1a12
Size

104KB
Sample

220130-yawqaahdcj
MD5

4a7b4635af040cba1851b2f57254ba5e
SHA1

a25e851fcc3e2212e52f4f3a98aa1fd23e1e4c98
SHA256

50fa6fff60ad5a33c55f2d87299a46d3f1aa8631524311349ef9bd83566e1a12
SHA512

a0b1474305ca0f6b282fdbcc12a3660baa330186ecde8b3981920f893b6f6728a98b93129566e6b3de027b72508a60ea2023506f7604ba6928dd9368f98124d6

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  50fa6fff60ad5a33c55f2d87299a46d3f1aa8631524311349ef9bd83566e1a12
- Size
  
  104KB
- MD5
  
  4a7b4635af040cba1851b2f57254ba5e
- SHA1
  
  a25e851fcc3e2212e52f4f3a98aa1fd23e1e4c98
- SHA256
  
  50fa6fff60ad5a33c55f2d87299a46d3f1aa8631524311349ef9bd83566e1a12
- SHA512
  
  a0b1474305ca0f6b282fdbcc12a3660baa330186ecde8b3981920f893b6f6728a98b93129566e6b3de027b72508a60ea2023506f7604ba6928dd9368f98124d6
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan