sakula | 14ade59533e42d0201f3dc3345053583a4f82272a307fc66996fc91ccff95a6d | Triage

Sharing

General

Target

14ade59533e42d0201f3dc3345053583a4f82272a307fc66996fc91ccff95a6d
Size

58KB
Sample

220212-fclc8ahfem
MD5

1f5e160c96cec784f525d6bb49638c6e
SHA1

40a734c5446b60d837bd9a50f5585b7d9823f174
SHA256

14ade59533e42d0201f3dc3345053583a4f82272a307fc66996fc91ccff95a6d
SHA512

23527eb80b27cd360c3d748f1706094971efa910eb22834d9ed6eee9b94f766c67888a617f92c24efec70c2c8aaf8366b6a2f9ee85ed9fcdf4b2f10b2e991901

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  14ade59533e42d0201f3dc3345053583a4f82272a307fc66996fc91ccff95a6d
- Size
  
  58KB
- MD5
  
  1f5e160c96cec784f525d6bb49638c6e
- SHA1
  
  40a734c5446b60d837bd9a50f5585b7d9823f174
- SHA256
  
  14ade59533e42d0201f3dc3345053583a4f82272a307fc66996fc91ccff95a6d
- SHA512
  
  23527eb80b27cd360c3d748f1706094971efa910eb22834d9ed6eee9b94f766c67888a617f92c24efec70c2c8aaf8366b6a2f9ee85ed9fcdf4b2f10b2e991901
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan