sakula | 154558a6f8dafb24fed2f092e6db292a582b064f759f55ab57bd390d187bc388 | Triage

Sharing

General

Target

154558a6f8dafb24fed2f092e6db292a582b064f759f55ab57bd390d187bc388
Size

36KB
Sample

220212-e227laheem
MD5

be9e756ed7a7df11f1341593e2a1b8c9
SHA1

d23a32bdbb3f6846c47f82b6184f357d1fb4522a
SHA256

154558a6f8dafb24fed2f092e6db292a582b064f759f55ab57bd390d187bc388
SHA512

d09d3e079ff6b16144506ccb7a2c5af2db6c547566a2981d58064c32add265b475afb9f52620d50a11f471b8554e070ce62a343c91de159ff7404f3cd778c4c4

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  154558a6f8dafb24fed2f092e6db292a582b064f759f55ab57bd390d187bc388
- Size
  
  36KB
- MD5
  
  be9e756ed7a7df11f1341593e2a1b8c9
- SHA1
  
  d23a32bdbb3f6846c47f82b6184f357d1fb4522a
- SHA256
  
  154558a6f8dafb24fed2f092e6db292a582b064f759f55ab57bd390d187bc388
- SHA512
  
  d09d3e079ff6b16144506ccb7a2c5af2db6c547566a2981d58064c32add265b475afb9f52620d50a11f471b8554e070ce62a343c91de159ff7404f3cd778c4c4
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan