sakula | 179150e6b22d05704ae2a05b2f35a14b7a5ce17b6053ebbcb5eef2b350e648d9 | Triage

Sharing

General

Target

179150e6b22d05704ae2a05b2f35a14b7a5ce17b6053ebbcb5eef2b350e648d9
Size

35KB
Sample

220212-d1hk5ahack
MD5

fa1290789b299390b674947970b02bc2
SHA1

fae2f51d67ab1b2ba8d1b4a3244940021e3598d5
SHA256

179150e6b22d05704ae2a05b2f35a14b7a5ce17b6053ebbcb5eef2b350e648d9
SHA512

e7164c59db2e0b2397314241409e8f53098ad18334c3000cf33b19a61c0cc399cc1c325510c468e25f2e0beeebd79b9c2a831bcb3fc197603f61dc0cb138e8bb

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  179150e6b22d05704ae2a05b2f35a14b7a5ce17b6053ebbcb5eef2b350e648d9
- Size
  
  35KB
- MD5
  
  fa1290789b299390b674947970b02bc2
- SHA1
  
  fae2f51d67ab1b2ba8d1b4a3244940021e3598d5
- SHA256
  
  179150e6b22d05704ae2a05b2f35a14b7a5ce17b6053ebbcb5eef2b350e648d9
- SHA512
  
  e7164c59db2e0b2397314241409e8f53098ad18334c3000cf33b19a61c0cc399cc1c325510c468e25f2e0beeebd79b9c2a831bcb3fc197603f61dc0cb138e8bb
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan