sakula | 14180789f0338ecf53e144d68855ed903ce1edd6449b05200ca1b997b33ea4fc | Triage

Sharing

General

Target

14180789f0338ecf53e144d68855ed903ce1edd6449b05200ca1b997b33ea4fc
Size

60KB
Sample

220212-fjqxaahgdm
MD5

efed97621a858a69fd74fadb229f48a9
SHA1

a8ce01e42010292968ee69addd4fa7f697e6697a
SHA256

14180789f0338ecf53e144d68855ed903ce1edd6449b05200ca1b997b33ea4fc
SHA512

5fe164f70537c0e92bafd7f11806cde00513a75004682e2376822df67d653082649d4fc205feb229487b254a0c722ec0b9c1796cad0e1664ca8165256c675742

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  14180789f0338ecf53e144d68855ed903ce1edd6449b05200ca1b997b33ea4fc
- Size
  
  60KB
- MD5
  
  efed97621a858a69fd74fadb229f48a9
- SHA1
  
  a8ce01e42010292968ee69addd4fa7f697e6697a
- SHA256
  
  14180789f0338ecf53e144d68855ed903ce1edd6449b05200ca1b997b33ea4fc
- SHA512
  
  5fe164f70537c0e92bafd7f11806cde00513a75004682e2376822df67d653082649d4fc205feb229487b254a0c722ec0b9c1796cad0e1664ca8165256c675742
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan