sakula | 27f40937f824375088dd1b64a7b8d091bb1ce321cae2236495a00d842f278142 | Triage

Sharing

General

Target

27f40937f824375088dd1b64a7b8d091bb1ce321cae2236495a00d842f278142
Size

42KB
Sample

220616-c9z14abdg4
MD5

760afa7d9c66ca9293c3f0df53ce5131
SHA1

26b6fbc3d47a455fe1a91ecd29cd283832b26be7
SHA256

27f40937f824375088dd1b64a7b8d091bb1ce321cae2236495a00d842f278142
SHA512

8abbb5a1191f94941ede5f1888ab98f882306f7cbfd8e9248f8d5c806a403d2ac2d8c38e5014837d81aa88b410a9fe3fc1c2024cf7ef4327bdddf41368586b70

Score

10^/10

sakula persistence rat suricata trojan

Malware Config

Targets

- Target
  
  27f40937f824375088dd1b64a7b8d091bb1ce321cae2236495a00d842f278142
- Size
  
  42KB
- MD5
  
  760afa7d9c66ca9293c3f0df53ce5131
- SHA1
  
  26b6fbc3d47a455fe1a91ecd29cd283832b26be7
- SHA256
  
  27f40937f824375088dd1b64a7b8d091bb1ce321cae2236495a00d842f278142
- SHA512
  
  8abbb5a1191f94941ede5f1888ab98f882306f7cbfd8e9248f8d5c806a403d2ac2d8c38e5014837d81aa88b410a9fe3fc1c2024cf7ef4327bdddf41368586b70
Score

10^/10

sakula persistence rat trojan suricata
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- suricata: ET MALWARE Possible DEEP PANDA C2 Activity
  suricata: ET MALWARE Possible DEEP PANDA C2 Activity
  suricata
- suricata: ET MALWARE Sakula/Mivast C2 Activity
  suricata: ET MALWARE Sakula/Mivast C2 Activity
  suricata
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistenceratsuricatatrojan