sakula | 162b75a3e1ae870aa0372e352a0559251d55bfdc634aaf19bee578bba5a3a45d | Triage

Sharing

General

Target

162b75a3e1ae870aa0372e352a0559251d55bfdc634aaf19bee578bba5a3a45d
Size

58KB
Sample

220212-el4qgsfge3
MD5

4f86e268674e21048afeb08f8b69b8e6
SHA1

edb5c731b80f8b0641c2af8aaf944409cb0c9e31
SHA256

162b75a3e1ae870aa0372e352a0559251d55bfdc634aaf19bee578bba5a3a45d
SHA512

90cfd8d9b065fd3073909bbe1cb3d44cd729150e083c131aa7edf8c78401df670fc9a3dc11b4d30bf458daff2c0999568b9a29633bbb34eb37f7aad64803313c

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  162b75a3e1ae870aa0372e352a0559251d55bfdc634aaf19bee578bba5a3a45d
- Size
  
  58KB
- MD5
  
  4f86e268674e21048afeb08f8b69b8e6
- SHA1
  
  edb5c731b80f8b0641c2af8aaf944409cb0c9e31
- SHA256
  
  162b75a3e1ae870aa0372e352a0559251d55bfdc634aaf19bee578bba5a3a45d
- SHA512
  
  90cfd8d9b065fd3073909bbe1cb3d44cd729150e083c131aa7edf8c78401df670fc9a3dc11b4d30bf458daff2c0999568b9a29633bbb34eb37f7aad64803313c
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan