sakula | 15fd8ff16e7e3e4c1b8a3712282a71c28d296fd4b6585040c129bcd1e6ba06b1 | Triage

Sharing

General

Target

15fd8ff16e7e3e4c1b8a3712282a71c28d296fd4b6585040c129bcd1e6ba06b1
Size

36KB
Sample

220212-epz7gafgg7
MD5

9844f5d1f6dc5a42541700b101439667
SHA1

d5ca15921e32425b60b1df9e8b7d5aea94c3be0e
SHA256

15fd8ff16e7e3e4c1b8a3712282a71c28d296fd4b6585040c129bcd1e6ba06b1
SHA512

8458bde669af89e0b763404cb1bc23e7a6b82c53b83a88f81d5a292a57400716f4cc0c70ee54bd8c88c27946d9083912758e75ee82ffe8be828cef167290bf4a

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  15fd8ff16e7e3e4c1b8a3712282a71c28d296fd4b6585040c129bcd1e6ba06b1
- Size
  
  36KB
- MD5
  
  9844f5d1f6dc5a42541700b101439667
- SHA1
  
  d5ca15921e32425b60b1df9e8b7d5aea94c3be0e
- SHA256
  
  15fd8ff16e7e3e4c1b8a3712282a71c28d296fd4b6585040c129bcd1e6ba06b1
- SHA512
  
  8458bde669af89e0b763404cb1bc23e7a6b82c53b83a88f81d5a292a57400716f4cc0c70ee54bd8c88c27946d9083912758e75ee82ffe8be828cef167290bf4a
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan