sakula | 194cb19eee281bf9c5ec68f8c02af28bfdd103d1952e7ab5d4e4a808e361ae2e | Triage

Sharing

General

Target

194cb19eee281bf9c5ec68f8c02af28bfdd103d1952e7ab5d4e4a808e361ae2e
Size

58KB
Sample

220212-db9nbafbc6
MD5

f92cefd120143642dec344b1ef274b66
SHA1

bd718fb5b00dd59ff62da41438ccdb1dc6ee108b
SHA256

194cb19eee281bf9c5ec68f8c02af28bfdd103d1952e7ab5d4e4a808e361ae2e
SHA512

bde6931b9fe7e2c0bf817c9d3387086e9b85992cc9fede4fb5841acc1bade3a6fd943e09ea07fad9b2c8c50068303dbddd40e048beed79586b3199fe140925c2

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  194cb19eee281bf9c5ec68f8c02af28bfdd103d1952e7ab5d4e4a808e361ae2e
- Size
  
  58KB
- MD5
  
  f92cefd120143642dec344b1ef274b66
- SHA1
  
  bd718fb5b00dd59ff62da41438ccdb1dc6ee108b
- SHA256
  
  194cb19eee281bf9c5ec68f8c02af28bfdd103d1952e7ab5d4e4a808e361ae2e
- SHA512
  
  bde6931b9fe7e2c0bf817c9d3387086e9b85992cc9fede4fb5841acc1bade3a6fd943e09ea07fad9b2c8c50068303dbddd40e048beed79586b3199fe140925c2
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan