sakula | 125e69bf738fd37c47f004e7b8609785dfa01ac241e6527023628d55eacd0e5c | Triage

Sharing

General

Target

125e69bf738fd37c47f004e7b8609785dfa01ac241e6527023628d55eacd0e5c
Size

35KB
Sample

220212-f86zssabdj
MD5

0c1eb61d71487c65a019b983c432c7cc
SHA1

05377f2f0015817a69608a18bb1ba1b994bceb8a
SHA256

125e69bf738fd37c47f004e7b8609785dfa01ac241e6527023628d55eacd0e5c
SHA512

fad99f54c820a524b78b4f8e4da4abd03608b1bf9a4910423b30523710831d5646bbd0b1778d119867ec908c9f83384dcc2e44de32f4d4653c66caa9ed311546

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  125e69bf738fd37c47f004e7b8609785dfa01ac241e6527023628d55eacd0e5c
- Size
  
  35KB
- MD5
  
  0c1eb61d71487c65a019b983c432c7cc
- SHA1
  
  05377f2f0015817a69608a18bb1ba1b994bceb8a
- SHA256
  
  125e69bf738fd37c47f004e7b8609785dfa01ac241e6527023628d55eacd0e5c
- SHA512
  
  fad99f54c820a524b78b4f8e4da4abd03608b1bf9a4910423b30523710831d5646bbd0b1778d119867ec908c9f83384dcc2e44de32f4d4653c66caa9ed311546
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan