sakula | 1294ef9651c6889ee5c8e3c1442492ae42725eef84344d47981ef73cd78ee59a | Triage

Sharing

General

Target

1294ef9651c6889ee5c8e3c1442492ae42725eef84344d47981ef73cd78ee59a
Size

58KB
Sample

220212-f68evagec3
MD5

b6136a18a497dc6b385308573e2dbb3f
SHA1

8550ae9a8cbef5e25c7ba8cdbbf862795de85906
SHA256

1294ef9651c6889ee5c8e3c1442492ae42725eef84344d47981ef73cd78ee59a
SHA512

aa1eb415e72ec29216384ca1ada24bbeef75808c6f70537faa6c788a28127693e38aaa011c3d91687693b722d63834189be81094a275134a9f9493026588ed80

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  1294ef9651c6889ee5c8e3c1442492ae42725eef84344d47981ef73cd78ee59a
- Size
  
  58KB
- MD5
  
  b6136a18a497dc6b385308573e2dbb3f
- SHA1
  
  8550ae9a8cbef5e25c7ba8cdbbf862795de85906
- SHA256
  
  1294ef9651c6889ee5c8e3c1442492ae42725eef84344d47981ef73cd78ee59a
- SHA512
  
  aa1eb415e72ec29216384ca1ada24bbeef75808c6f70537faa6c788a28127693e38aaa011c3d91687693b722d63834189be81094a275134a9f9493026588ed80
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan