sakula | 12ab3d1fc2882035f6492a5e87d055f0702c39dbdb8a5e789d01374f18a82e58 | Triage

Sharing

General

Target

12ab3d1fc2882035f6492a5e87d055f0702c39dbdb8a5e789d01374f18a82e58
Size

58KB
Sample

220212-f55bssaahq
MD5

33da72ca71f8cf0e12f082f4242f1f41
SHA1

6beefb02634403d0f6ef39c323029c25a8977214
SHA256

12ab3d1fc2882035f6492a5e87d055f0702c39dbdb8a5e789d01374f18a82e58
SHA512

dcf1c461cb191d2c2b0d6a2fb07676e387707e675380544690306aa5a12835f04ed1979f81a8c9a674d92acce2ea2abee54652203d98204cbc387f820b91406e

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  12ab3d1fc2882035f6492a5e87d055f0702c39dbdb8a5e789d01374f18a82e58
- Size
  
  58KB
- MD5
  
  33da72ca71f8cf0e12f082f4242f1f41
- SHA1
  
  6beefb02634403d0f6ef39c323029c25a8977214
- SHA256
  
  12ab3d1fc2882035f6492a5e87d055f0702c39dbdb8a5e789d01374f18a82e58
- SHA512
  
  dcf1c461cb191d2c2b0d6a2fb07676e387707e675380544690306aa5a12835f04ed1979f81a8c9a674d92acce2ea2abee54652203d98204cbc387f820b91406e
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan