sakula | 14b9a30981e2c6eab650229031b567f9c10afab0dd3edca1439a2a8308363b48 | Triage

Sharing

General

Target

14b9a30981e2c6eab650229031b567f9c10afab0dd3edca1439a2a8308363b48
Size

36KB
Sample

220212-fb9z7ahfek
MD5

d0d091cf808af13ddcc05efb2fed719b
SHA1

20cea7be8df5480af9fff6f7c2c173317dd263c2
SHA256

14b9a30981e2c6eab650229031b567f9c10afab0dd3edca1439a2a8308363b48
SHA512

8de6ef95c699226d91fcce3a64b02bb2829270ab4d5fe28a698398042fbc8b143a2cdd7a1efebabb8ebfb5fa44f1940c58f4870b7bd336e410a30f88dfda468a

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  14b9a30981e2c6eab650229031b567f9c10afab0dd3edca1439a2a8308363b48
- Size
  
  36KB
- MD5
  
  d0d091cf808af13ddcc05efb2fed719b
- SHA1
  
  20cea7be8df5480af9fff6f7c2c173317dd263c2
- SHA256
  
  14b9a30981e2c6eab650229031b567f9c10afab0dd3edca1439a2a8308363b48
- SHA512
  
  8de6ef95c699226d91fcce3a64b02bb2829270ab4d5fe28a698398042fbc8b143a2cdd7a1efebabb8ebfb5fa44f1940c58f4870b7bd336e410a30f88dfda468a
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan