sakula | 1713fec767ea9f604d65bfccf6f8e531500e9969219731e92427f7b8501eb382 | Triage

Sharing

General

Target

1713fec767ea9f604d65bfccf6f8e531500e9969219731e92427f7b8501eb382
Size

58KB
Sample

220212-d7f1wafef5
MD5

ead161733466efae3b2030ad6d7891bf
SHA1

0aa2018771acbe622152077b31593b1aaf58d7bc
SHA256

1713fec767ea9f604d65bfccf6f8e531500e9969219731e92427f7b8501eb382
SHA512

02120169ee448a5793b09c3a1105862b25a8c227dc50f7a7aa6e17c2ce0835ba6e76aba3e54ae5f691789fa75498f253b062d8de18765b0afa253e68f063242d

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  1713fec767ea9f604d65bfccf6f8e531500e9969219731e92427f7b8501eb382
- Size
  
  58KB
- MD5
  
  ead161733466efae3b2030ad6d7891bf
- SHA1
  
  0aa2018771acbe622152077b31593b1aaf58d7bc
- SHA256
  
  1713fec767ea9f604d65bfccf6f8e531500e9969219731e92427f7b8501eb382
- SHA512
  
  02120169ee448a5793b09c3a1105862b25a8c227dc50f7a7aa6e17c2ce0835ba6e76aba3e54ae5f691789fa75498f253b062d8de18765b0afa253e68f063242d
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan