sakula | 189dcc58b84522ca1aeed42bab81ba589c2cfe7d6510c0092a7b0efa74ea3651 | Triage

Sharing

General

Target

189dcc58b84522ca1aeed42bab81ba589c2cfe7d6510c0092a7b0efa74ea3651
Size

60KB
Sample

220212-dlf4rafcc5
MD5

ab8d1307ba3d054d872a1ec6923eb1df
SHA1

a96ff682d17699fe6844b7ae5114bce5d327111f
SHA256

189dcc58b84522ca1aeed42bab81ba589c2cfe7d6510c0092a7b0efa74ea3651
SHA512

5c834f5833297e475c7e9fec8c59396718856f04e7378f042049829dfef11a5327e55e15e14b1c74f356b4bcff5b6f35fd3daca5b407f9a65f5c5a0b3ddcad80

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  189dcc58b84522ca1aeed42bab81ba589c2cfe7d6510c0092a7b0efa74ea3651
- Size
  
  60KB
- MD5
  
  ab8d1307ba3d054d872a1ec6923eb1df
- SHA1
  
  a96ff682d17699fe6844b7ae5114bce5d327111f
- SHA256
  
  189dcc58b84522ca1aeed42bab81ba589c2cfe7d6510c0092a7b0efa74ea3651
- SHA512
  
  5c834f5833297e475c7e9fec8c59396718856f04e7378f042049829dfef11a5327e55e15e14b1c74f356b4bcff5b6f35fd3daca5b407f9a65f5c5a0b3ddcad80
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan