sakula | fc8a589a472b3c37bf0ce3d266108e7f51dcaa2493e5f250f1af8c3e2c795c92 | Triage

Submit
Reports

Overview

overview

Static

static

fc8a589a47...92.exe

windows7_x64

fc8a589a47...92.exe

windows10-2004_x64

Sharing

General

Target

fc8a589a472b3c37bf0ce3d266108e7f51dcaa2493e5f250f1af8c3e2c795c92
Size

40KB
Sample

220323-lkdw1agbek
MD5

069c1f54a82c6d543fd4363f4277573f
SHA1

3835aec3b01fe1b2e96c5f3db65ca1803a0e2831
SHA256

fc8a589a472b3c37bf0ce3d266108e7f51dcaa2493e5f250f1af8c3e2c795c92
SHA512

4444723a40ea49423aee7cc27e6dc00fc978952c2f0c3581b4a2be2902c6d6da33a8a41bc7a5ea281aa2a8c5da0614c80e074ef55f3ec78262e41336d0e190d8

Score

10^/10

sakula persistence rat suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

fc8a589a472b3c37bf0ce3d266108e7f51dcaa2493e5f250f1af8c3e2c795c92.exe

Resource

win7-20220310-en

sakula persistence rat suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fc8a589a472b3c37bf0ce3d266108e7f51dcaa2493e5f250f1af8c3e2c795c92.exe

Resource

win10v2004-20220310-en

sakula persistence rat suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  fc8a589a472b3c37bf0ce3d266108e7f51dcaa2493e5f250f1af8c3e2c795c92
- Size
  
  40KB
- MD5
  
  069c1f54a82c6d543fd4363f4277573f
- SHA1
  
  3835aec3b01fe1b2e96c5f3db65ca1803a0e2831
- SHA256
  
  fc8a589a472b3c37bf0ce3d266108e7f51dcaa2493e5f250f1af8c3e2c795c92
- SHA512
  
  4444723a40ea49423aee7cc27e6dc00fc978952c2f0c3581b4a2be2902c6d6da33a8a41bc7a5ea281aa2a8c5da0614c80e074ef55f3ec78262e41336d0e190d8
Score

10^/10

sakula persistence rat suricata trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- suricata: ET MALWARE Possible DEEP PANDA C2 Activity
  suricata: ET MALWARE Possible DEEP PANDA C2 Activity
  suricata
- suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 6
  suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 6
  suricata
- suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 7
  suricata: ET MALWARE Sakula/Mivast RAT CnC Beacon 7
  suricata
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

sakulapersistenceratsuricatatrojan

behavioral2

sakulapersistenceratsuricatatrojan

© 2018-2024

Terms | Privacy