sakula | 15c3144f79e1ebb0137f419945c47f4b78f1ac89b891cef7789baf4cd39f8a62 | Triage

Sharing

General

Target

15c3144f79e1ebb0137f419945c47f4b78f1ac89b891cef7789baf4cd39f8a62
Size

35KB
Sample

220212-etndgahdfk
MD5

4871b7d96c274f3388cb97ca7e788b1b
SHA1

99f5f4ff71cfe16307446b3ba797a5986b2cc1b5
SHA256

15c3144f79e1ebb0137f419945c47f4b78f1ac89b891cef7789baf4cd39f8a62
SHA512

67bf98f6c86087bb1c48aa9a8e5b420eb0fd8b36c8491e90b5ac0b30adf9d4660ed1f25921cba946ef9a3435020041b6331fd39b2f0f572fc59ca226db691a30

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  15c3144f79e1ebb0137f419945c47f4b78f1ac89b891cef7789baf4cd39f8a62
- Size
  
  35KB
- MD5
  
  4871b7d96c274f3388cb97ca7e788b1b
- SHA1
  
  99f5f4ff71cfe16307446b3ba797a5986b2cc1b5
- SHA256
  
  15c3144f79e1ebb0137f419945c47f4b78f1ac89b891cef7789baf4cd39f8a62
- SHA512
  
  67bf98f6c86087bb1c48aa9a8e5b420eb0fd8b36c8491e90b5ac0b30adf9d4660ed1f25921cba946ef9a3435020041b6331fd39b2f0f572fc59ca226db691a30
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan