sakula | 18be41b8c1366d77e332410e686c5badc302fbd5e67ef119ab852f5deaad1309 | Triage

Sharing

General

Target

18be41b8c1366d77e332410e686c5badc302fbd5e67ef119ab852f5deaad1309
Size

36KB
Sample

220212-djvt5afca8
MD5

a9385caf41e53f8023c42a737335427b
SHA1

a785a2db083fcbad1eeee23365632851fda0d5da
SHA256

18be41b8c1366d77e332410e686c5badc302fbd5e67ef119ab852f5deaad1309
SHA512

0e3afd919f1732e9544b5dc583319b7d5282abaf5f457876c9ab7ccbfa28ccfe9fd14ff63c557b287022e7815ac49d57b0dca43ba3b8c45bffc8610d4f6d36a0

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  18be41b8c1366d77e332410e686c5badc302fbd5e67ef119ab852f5deaad1309
- Size
  
  36KB
- MD5
  
  a9385caf41e53f8023c42a737335427b
- SHA1
  
  a785a2db083fcbad1eeee23365632851fda0d5da
- SHA256
  
  18be41b8c1366d77e332410e686c5badc302fbd5e67ef119ab852f5deaad1309
- SHA512
  
  0e3afd919f1732e9544b5dc583319b7d5282abaf5f457876c9ab7ccbfa28ccfe9fd14ff63c557b287022e7815ac49d57b0dca43ba3b8c45bffc8610d4f6d36a0
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan