sakula | 16d3296571e54a6b076b2cede9f6d5ebc8f4e864a83822b23b0af0600d20d3dd | Triage

Sharing

General

Target

16d3296571e54a6b076b2cede9f6d5ebc8f4e864a83822b23b0af0600d20d3dd
Size

35KB
Sample

220212-ebptksffb9
MD5

eeb27e07cca653898e64c8c13797b4e0
SHA1

33ae65c2a7908dea3ef29117d39ba8bb520b2369
SHA256

16d3296571e54a6b076b2cede9f6d5ebc8f4e864a83822b23b0af0600d20d3dd
SHA512

f464e71a36b6a1c52c6a02775585698c96d9a34a5041be066e8e210c6b0199c67c33dd8a321ab4b60d0277d0acb35e42c0e044dbed6f28dfe9032b0682cc460a

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  16d3296571e54a6b076b2cede9f6d5ebc8f4e864a83822b23b0af0600d20d3dd
- Size
  
  35KB
- MD5
  
  eeb27e07cca653898e64c8c13797b4e0
- SHA1
  
  33ae65c2a7908dea3ef29117d39ba8bb520b2369
- SHA256
  
  16d3296571e54a6b076b2cede9f6d5ebc8f4e864a83822b23b0af0600d20d3dd
- SHA512
  
  f464e71a36b6a1c52c6a02775585698c96d9a34a5041be066e8e210c6b0199c67c33dd8a321ab4b60d0277d0acb35e42c0e044dbed6f28dfe9032b0682cc460a
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan