sakula | 1972cf18da195815e8382a3eea2eb2e77439c412d2092d6d058a3527cc8ef7d5 | Triage

Sharing

General

Target

1972cf18da195815e8382a3eea2eb2e77439c412d2092d6d058a3527cc8ef7d5
Size

58KB
Sample

220212-dagwxagfcr
MD5

36aa94ab44a004b13682d76ed9a9249b
SHA1

f33a46ca0a9ff722d64f0f9c3b03a14374d1a5ef
SHA256

1972cf18da195815e8382a3eea2eb2e77439c412d2092d6d058a3527cc8ef7d5
SHA512

d44c7e6043b63902be79b94bd4930e8eb66f944b4aeb1dca759aab7c61debb89edcf4a7d0dba905254c661bddbb8262b5b91f984a3425a66c4ef43bc0e9f8196

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  1972cf18da195815e8382a3eea2eb2e77439c412d2092d6d058a3527cc8ef7d5
- Size
  
  58KB
- MD5
  
  36aa94ab44a004b13682d76ed9a9249b
- SHA1
  
  f33a46ca0a9ff722d64f0f9c3b03a14374d1a5ef
- SHA256
  
  1972cf18da195815e8382a3eea2eb2e77439c412d2092d6d058a3527cc8ef7d5
- SHA512
  
  d44c7e6043b63902be79b94bd4930e8eb66f944b4aeb1dca759aab7c61debb89edcf4a7d0dba905254c661bddbb8262b5b91f984a3425a66c4ef43bc0e9f8196
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan