sakula | 14f0db37a9c12172040478c237e9e8afc0dc85af3cbf179ccac3a91cec5e4fbf | Triage

Sharing

General

Target

14f0db37a9c12172040478c237e9e8afc0dc85af3cbf179ccac3a91cec5e4fbf
Size

36KB
Sample

220212-e9sccsgag5
MD5

ddd44111bbf723b3ff37e08ee904c038
SHA1

56d395c3ec88c2a77e1b935aa876c4d7ff9e9528
SHA256

14f0db37a9c12172040478c237e9e8afc0dc85af3cbf179ccac3a91cec5e4fbf
SHA512

e6d8b2e6d5d9f7491c48e3e1d81fdb7ea17b207af4c2990b64c33b6aa1d0a0dc2eb2588403fb77ff65805f8b06d02f3b3cc34a6f215698669b92ff1b2ef0b48d

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  14f0db37a9c12172040478c237e9e8afc0dc85af3cbf179ccac3a91cec5e4fbf
- Size
  
  36KB
- MD5
  
  ddd44111bbf723b3ff37e08ee904c038
- SHA1
  
  56d395c3ec88c2a77e1b935aa876c4d7ff9e9528
- SHA256
  
  14f0db37a9c12172040478c237e9e8afc0dc85af3cbf179ccac3a91cec5e4fbf
- SHA512
  
  e6d8b2e6d5d9f7491c48e3e1d81fdb7ea17b207af4c2990b64c33b6aa1d0a0dc2eb2588403fb77ff65805f8b06d02f3b3cc34a6f215698669b92ff1b2ef0b48d
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan