sakula | 15aa71c370943f7823a94da9389383c60273ad6c10cfb4bbcfec021638eb6e53 | Triage

Sharing

General

Target

15aa71c370943f7823a94da9389383c60273ad6c10cfb4bbcfec021638eb6e53
Size

35KB
Sample

220212-evn2dsfhd5
MD5

3c1176118bbe7b3870e5dbb330ab9520
SHA1

afac36437694a5a61c10a207396a6a134c727dc4
SHA256

15aa71c370943f7823a94da9389383c60273ad6c10cfb4bbcfec021638eb6e53
SHA512

c1a4c4b2fd104e0d385db599c74bbf1541ac8606a660e1f1ce58cfc48388a71112bb6993f6e0b91abccb71c9b499305127ea105522d885c86e692f4a873989f5

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  15aa71c370943f7823a94da9389383c60273ad6c10cfb4bbcfec021638eb6e53
- Size
  
  35KB
- MD5
  
  3c1176118bbe7b3870e5dbb330ab9520
- SHA1
  
  afac36437694a5a61c10a207396a6a134c727dc4
- SHA256
  
  15aa71c370943f7823a94da9389383c60273ad6c10cfb4bbcfec021638eb6e53
- SHA512
  
  c1a4c4b2fd104e0d385db599c74bbf1541ac8606a660e1f1ce58cfc48388a71112bb6993f6e0b91abccb71c9b499305127ea105522d885c86e692f4a873989f5
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan