sakula | 1266c5db7594b9610c0ba0d218c766f97a1e0c6c82ab90ebc6f0bc6239b82529 | Triage

Sharing

General

Target

1266c5db7594b9610c0ba0d218c766f97a1e0c6c82ab90ebc6f0bc6239b82529
Size

58KB
Sample

220212-f8qb2sged7
MD5

bfac929946e46258723f7f61e7ceef63
SHA1

a782fb4cea03db43c1db60dc0502ee975a7d9090
SHA256

1266c5db7594b9610c0ba0d218c766f97a1e0c6c82ab90ebc6f0bc6239b82529
SHA512

263a4cf6fffc890c9e23de957ff621ba08e8b4be746ca1c4c2a944c6623ee4d3ca5e7b7ff76b8ba0e659a1d747bca6d3b43cb510cfe2f1f1af7c6281d592cf8e

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  1266c5db7594b9610c0ba0d218c766f97a1e0c6c82ab90ebc6f0bc6239b82529
- Size
  
  58KB
- MD5
  
  bfac929946e46258723f7f61e7ceef63
- SHA1
  
  a782fb4cea03db43c1db60dc0502ee975a7d9090
- SHA256
  
  1266c5db7594b9610c0ba0d218c766f97a1e0c6c82ab90ebc6f0bc6239b82529
- SHA512
  
  263a4cf6fffc890c9e23de957ff621ba08e8b4be746ca1c4c2a944c6623ee4d3ca5e7b7ff76b8ba0e659a1d747bca6d3b43cb510cfe2f1f1af7c6281d592cf8e
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan