General

  • Target

    6699ed985b80cf027b8ac2e914cbe85e97d2ba27962aad45c0f128eece97e630

  • Size

    44KB

  • Sample

    220323-lkdw1abge8

  • MD5

    bd0c5a300f38dbcd5df55edc20426bd6

  • SHA1

    fd8cfb0e3fa32b42ccbffc4c0dd8f1ab94896358

  • SHA256

    6699ed985b80cf027b8ac2e914cbe85e97d2ba27962aad45c0f128eece97e630

  • SHA512

    c2d0d1d34a187e72522708de4ada0e3bc38e1d0983d76078af760f6689f58827e355411365d593d63bf027b05714badc2302e40a0345f49254811a096d7f5fe9

Malware Config

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder, T1060 (1)

  • Defense Evasion

    Modify Registry, T1112 (2)

  • Discovery

    Remote System Discovery, T1018 (1)
Tasks