sakula | 191163d1953773e2ad950b48d85500f7a3b06c01fd13237cac33ea82a5b47316 | Triage

Sharing

General

Target

191163d1953773e2ad950b48d85500f7a3b06c01fd13237cac33ea82a5b47316
Size

58KB
Sample

220212-derxnsgfhm
MD5

a5a43634382a66b893f78d913adf3ffe
SHA1

7ace171a82f063c42dac67ce170fc366a1bfd9e8
SHA256

191163d1953773e2ad950b48d85500f7a3b06c01fd13237cac33ea82a5b47316
SHA512

0a555ed95f236fcf5d404731d6a817cc5df73aed54f6985e79ee577a218d5808f767667c76ff024b7b42863aa847a13bca1ffbd801df452829049610341a8747

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  191163d1953773e2ad950b48d85500f7a3b06c01fd13237cac33ea82a5b47316
- Size
  
  58KB
- MD5
  
  a5a43634382a66b893f78d913adf3ffe
- SHA1
  
  7ace171a82f063c42dac67ce170fc366a1bfd9e8
- SHA256
  
  191163d1953773e2ad950b48d85500f7a3b06c01fd13237cac33ea82a5b47316
- SHA512
  
  0a555ed95f236fcf5d404731d6a817cc5df73aed54f6985e79ee577a218d5808f767667c76ff024b7b42863aa847a13bca1ffbd801df452829049610341a8747
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan