sakula | 166ea80aaeef8d9db34be30371eb2fa211508af9a5bf4162094bbb649650e521 | Triage

Sharing

General

Target

166ea80aaeef8d9db34be30371eb2fa211508af9a5bf4162094bbb649650e521
Size

58KB
Sample

220212-ehdd5afga3
MD5

fe616f1f479206b4d8b499888257d7e5
SHA1

81563da6a1cbdb419dd2845064a7445e7f198ae7
SHA256

166ea80aaeef8d9db34be30371eb2fa211508af9a5bf4162094bbb649650e521
SHA512

43d4eeec4a411d9831d8f976e1b8f5f10acb46f6c952b09bb80dd376a4de037d96312be81856369dc8b6cb945cad63c711d165f0225d428033a95e316bc50f6d

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  166ea80aaeef8d9db34be30371eb2fa211508af9a5bf4162094bbb649650e521
- Size
  
  58KB
- MD5
  
  fe616f1f479206b4d8b499888257d7e5
- SHA1
  
  81563da6a1cbdb419dd2845064a7445e7f198ae7
- SHA256
  
  166ea80aaeef8d9db34be30371eb2fa211508af9a5bf4162094bbb649650e521
- SHA512
  
  43d4eeec4a411d9831d8f976e1b8f5f10acb46f6c952b09bb80dd376a4de037d96312be81856369dc8b6cb945cad63c711d165f0225d428033a95e316bc50f6d
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan