sakula | 1695be6bf858aad537106a757449a8cace3c095c3ed1e94051b55c7768547f16 | Triage

Sharing

General

Target

1695be6bf858aad537106a757449a8cace3c095c3ed1e94051b55c7768547f16
Size

60KB
Sample

220212-efyx2sffg4
MD5

c2faac75785d5801b210418f5b5e8b6d
SHA1

3234fb0f043416e21e2950b219fe0f86c13a1a42
SHA256

1695be6bf858aad537106a757449a8cace3c095c3ed1e94051b55c7768547f16
SHA512

29710a7ddea3b6adad4ed702c8d855dd7e64f7a6ed569839b3196cffc7bdc197cdb75798439a531dd1a0605005325f689c93b14dd0ce62a60e6f2205d9f2d06d

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  1695be6bf858aad537106a757449a8cace3c095c3ed1e94051b55c7768547f16
- Size
  
  60KB
- MD5
  
  c2faac75785d5801b210418f5b5e8b6d
- SHA1
  
  3234fb0f043416e21e2950b219fe0f86c13a1a42
- SHA256
  
  1695be6bf858aad537106a757449a8cace3c095c3ed1e94051b55c7768547f16
- SHA512
  
  29710a7ddea3b6adad4ed702c8d855dd7e64f7a6ed569839b3196cffc7bdc197cdb75798439a531dd1a0605005325f689c93b14dd0ce62a60e6f2205d9f2d06d
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan