sakula | 165adcd6131b0198889c500b729cf4c77a337ec5afbe8098385569171be67752 | Triage

Sharing

General

Target

165adcd6131b0198889c500b729cf4c77a337ec5afbe8098385569171be67752
Size

60KB
Sample

220212-ejyrfsfgb6
MD5

47feabce503a8f0e00e043008a886835
SHA1

5c293811604a5cb8949efc12292f384accdf4242
SHA256

165adcd6131b0198889c500b729cf4c77a337ec5afbe8098385569171be67752
SHA512

2c5244a7f0a523475966e333f9349defb67c70c7222d0bddf16849009298be1cb70413797bb96aeb7d619c8c6d14e4623430dc49c29e023e3fb9218def8ad218

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  165adcd6131b0198889c500b729cf4c77a337ec5afbe8098385569171be67752
- Size
  
  60KB
- MD5
  
  47feabce503a8f0e00e043008a886835
- SHA1
  
  5c293811604a5cb8949efc12292f384accdf4242
- SHA256
  
  165adcd6131b0198889c500b729cf4c77a337ec5afbe8098385569171be67752
- SHA512
  
  2c5244a7f0a523475966e333f9349defb67c70c7222d0bddf16849009298be1cb70413797bb96aeb7d619c8c6d14e4623430dc49c29e023e3fb9218def8ad218
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan