sakula | 157bc0858472974959eb2038f4d0aafff028b5f01f8775a7aabced0f5088346f | Triage

Sharing

General

Target

157bc0858472974959eb2038f4d0aafff028b5f01f8775a7aabced0f5088346f
Size

35KB
Sample

220212-eyhnsafhg3
MD5

6c7b30c7b5674178342d29a1ad1c9984
SHA1

460969cfc4f7ed4dd698524c3d70b524c8540901
SHA256

157bc0858472974959eb2038f4d0aafff028b5f01f8775a7aabced0f5088346f
SHA512

fe8d54832077935e02977dc315145dc9e3a33ade5915988d4ae0dbab3482f00a3cef7ae3d5ee9e8a85d59f0a60dc5eb1e85e5dd4d78c11831e90e8f0fba32333

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  157bc0858472974959eb2038f4d0aafff028b5f01f8775a7aabced0f5088346f
- Size
  
  35KB
- MD5
  
  6c7b30c7b5674178342d29a1ad1c9984
- SHA1
  
  460969cfc4f7ed4dd698524c3d70b524c8540901
- SHA256
  
  157bc0858472974959eb2038f4d0aafff028b5f01f8775a7aabced0f5088346f
- SHA512
  
  fe8d54832077935e02977dc315145dc9e3a33ade5915988d4ae0dbab3482f00a3cef7ae3d5ee9e8a85d59f0a60dc5eb1e85e5dd4d78c11831e90e8f0fba32333
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan