sakula | 160a19721c741ca23ac06ffcfe20673ca9e58ed98605a6abfdb185405a4bf18a | Triage

Sharing

General

Target

160a19721c741ca23ac06ffcfe20673ca9e58ed98605a6abfdb185405a4bf18a
Size

35KB
Sample

220212-epewjahdan
MD5

d8c9e0807875950ba1739215d70d0ad5
SHA1

2b69142c38656f4c18c53f3999bfc80e50d81ac0
SHA256

160a19721c741ca23ac06ffcfe20673ca9e58ed98605a6abfdb185405a4bf18a
SHA512

9044480af1f9e3e4002bd5b017bbac5082e36a0b2e3953e98609e2725f83362c23cbcabbe2b170af95522dee99260af3724f095d50106649fe4a11736ee55bbe

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  160a19721c741ca23ac06ffcfe20673ca9e58ed98605a6abfdb185405a4bf18a
- Size
  
  35KB
- MD5
  
  d8c9e0807875950ba1739215d70d0ad5
- SHA1
  
  2b69142c38656f4c18c53f3999bfc80e50d81ac0
- SHA256
  
  160a19721c741ca23ac06ffcfe20673ca9e58ed98605a6abfdb185405a4bf18a
- SHA512
  
  9044480af1f9e3e4002bd5b017bbac5082e36a0b2e3953e98609e2725f83362c23cbcabbe2b170af95522dee99260af3724f095d50106649fe4a11736ee55bbe
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan