sakula | 1553eef6b26cfe078eeb603b328a450f3a326e5a2e82eed404bba3cacab3956f | Triage

Sharing

General

Target

1553eef6b26cfe078eeb603b328a450f3a326e5a2e82eed404bba3cacab3956f
Size

58KB
Sample

220212-e19v2sgab4
MD5

9e25fd48b99ba06bb0a3e7eec967104c
SHA1

93db2cb4771f6d093af9970318bdaaaadc5b23bd
SHA256

1553eef6b26cfe078eeb603b328a450f3a326e5a2e82eed404bba3cacab3956f
SHA512

630bd2fb54563a69c7a30bb510064529f047861fb66eb96f8bf0ce34c8fd9cf6939f76f636c3bdac40f89dca91c910f0bf63bba9cf9a1e25e23a34e1cc34c7f4

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  1553eef6b26cfe078eeb603b328a450f3a326e5a2e82eed404bba3cacab3956f
- Size
  
  58KB
- MD5
  
  9e25fd48b99ba06bb0a3e7eec967104c
- SHA1
  
  93db2cb4771f6d093af9970318bdaaaadc5b23bd
- SHA256
  
  1553eef6b26cfe078eeb603b328a450f3a326e5a2e82eed404bba3cacab3956f
- SHA512
  
  630bd2fb54563a69c7a30bb510064529f047861fb66eb96f8bf0ce34c8fd9cf6939f76f636c3bdac40f89dca91c910f0bf63bba9cf9a1e25e23a34e1cc34c7f4
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan