sakula | 280622602950739b9b13be1aa783a895f674e85d0dccf78d6350bcaa214361a7 | Triage

Sharing

General

Target

280622602950739b9b13be1aa783a895f674e85d0dccf78d6350bcaa214361a7
Size

72KB
Sample

220320-gnyclahgf3
MD5

007a14d72f82e5718e99f23cefbad5c3
SHA1

01bb44f4fb23529ee35a21b0aeb9dd397d72ad90
SHA256

280622602950739b9b13be1aa783a895f674e85d0dccf78d6350bcaa214361a7
SHA512

dac91685a48c284cd02b877df5262883925b955473b7f19e18c6ba68e71ed95ad6e66d49be3ef846b284ce8577508cdd68151eb744add2937f1a2666d76ebfd9

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  280622602950739b9b13be1aa783a895f674e85d0dccf78d6350bcaa214361a7
- Size
  
  72KB
- MD5
  
  007a14d72f82e5718e99f23cefbad5c3
- SHA1
  
  01bb44f4fb23529ee35a21b0aeb9dd397d72ad90
- SHA256
  
  280622602950739b9b13be1aa783a895f674e85d0dccf78d6350bcaa214361a7
- SHA512
  
  dac91685a48c284cd02b877df5262883925b955473b7f19e18c6ba68e71ed95ad6e66d49be3ef846b284ce8577508cdd68151eb744add2937f1a2666d76ebfd9
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan