sakula | 136de7eec5b1880c0e78a8ca6a5ff71f8ba92c1bca3c1b146a4e749bfd7e90cb | Triage

Sharing

General

Target

136de7eec5b1880c0e78a8ca6a5ff71f8ba92c1bca3c1b146a4e749bfd7e90cb
Size

60KB
Sample

220212-fvkveagch3
MD5

a3dca5e8d10e4447b0e247e6dcfea541
SHA1

68eb9a74bb985252559912ff75ab4913833821fa
SHA256

136de7eec5b1880c0e78a8ca6a5ff71f8ba92c1bca3c1b146a4e749bfd7e90cb
SHA512

9e2fd841ff6b9f2461d15b18f973cfe8ec357b2f07ca9a2d3b010580aefa41920c586706036655281eb6fc5138161bac523a85434155cd46954613f2f6bbac45

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  136de7eec5b1880c0e78a8ca6a5ff71f8ba92c1bca3c1b146a4e749bfd7e90cb
- Size
  
  60KB
- MD5
  
  a3dca5e8d10e4447b0e247e6dcfea541
- SHA1
  
  68eb9a74bb985252559912ff75ab4913833821fa
- SHA256
  
  136de7eec5b1880c0e78a8ca6a5ff71f8ba92c1bca3c1b146a4e749bfd7e90cb
- SHA512
  
  9e2fd841ff6b9f2461d15b18f973cfe8ec357b2f07ca9a2d3b010580aefa41920c586706036655281eb6fc5138161bac523a85434155cd46954613f2f6bbac45
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan