sakula | 1929a4334e515f85bb2f32a9a9b0265f36210ccca7a4c43489c9951b1307831b | Triage

Sharing

General

Target

1929a4334e515f85bb2f32a9a9b0265f36210ccca7a4c43489c9951b1307831b
Size

58KB
Sample

220212-ddntmagfgn
MD5

ccea97acfb44ffabbfd2d17ff530622b
SHA1

880241c69defe62532d19eefaa38d640fa3b3e0b
SHA256

1929a4334e515f85bb2f32a9a9b0265f36210ccca7a4c43489c9951b1307831b
SHA512

df56c46a8acd47e433c4fb22f4fc5c675f192b1de3585325023a63fdf4f904956e95e1a9a5fb592b6128997e7c3173f56cb4143258bfa997c419c1edcd24a019

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  1929a4334e515f85bb2f32a9a9b0265f36210ccca7a4c43489c9951b1307831b
- Size
  
  58KB
- MD5
  
  ccea97acfb44ffabbfd2d17ff530622b
- SHA1
  
  880241c69defe62532d19eefaa38d640fa3b3e0b
- SHA256
  
  1929a4334e515f85bb2f32a9a9b0265f36210ccca7a4c43489c9951b1307831b
- SHA512
  
  df56c46a8acd47e433c4fb22f4fc5c675f192b1de3585325023a63fdf4f904956e95e1a9a5fb592b6128997e7c3173f56cb4143258bfa997c419c1edcd24a019
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan