sakula | 127cd87e642cfcb6123d5be8724e91312d61dbfef809fb1aaf9cdd861625e655 | Triage

Sharing

General

Target

127cd87e642cfcb6123d5be8724e91312d61dbfef809fb1aaf9cdd861625e655
Size

58KB
Sample

220212-f7v6xaabbm
MD5

6d36510f1b6aebfd39071560defdca4e
SHA1

b4fab4ecd6907bb18af4d2fd52d62d4444bf17f1
SHA256

127cd87e642cfcb6123d5be8724e91312d61dbfef809fb1aaf9cdd861625e655
SHA512

0170d76ee540b931ceed9cef89752c6c954e872116e96b2d21c4c606e519e4897fa864561c4a9bbdbab35e2b4c66e64b0faa3f0fb67c53eac41a45f459a0fc38

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  127cd87e642cfcb6123d5be8724e91312d61dbfef809fb1aaf9cdd861625e655
- Size
  
  58KB
- MD5
  
  6d36510f1b6aebfd39071560defdca4e
- SHA1
  
  b4fab4ecd6907bb18af4d2fd52d62d4444bf17f1
- SHA256
  
  127cd87e642cfcb6123d5be8724e91312d61dbfef809fb1aaf9cdd861625e655
- SHA512
  
  0170d76ee540b931ceed9cef89752c6c954e872116e96b2d21c4c606e519e4897fa864561c4a9bbdbab35e2b4c66e64b0faa3f0fb67c53eac41a45f459a0fc38
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan