sakula | 13578369219d03c9de1813039bbcadc162e8617db26f09e1c2fbeef3963d0fe5 | Triage

Sharing

General

Target

13578369219d03c9de1813039bbcadc162e8617db26f09e1c2fbeef3963d0fe5
Size

36KB
Sample

220212-fw3rlsgdb2
MD5

8d5022d8944822d8afdc3a16de589de3
SHA1

9cebee6a3c555359946552e2a173b90a4f455688
SHA256

13578369219d03c9de1813039bbcadc162e8617db26f09e1c2fbeef3963d0fe5
SHA512

897db163b7255f99b00a91d490b494c5abc5c77e54c3e84e1c65f26f3d7c310f23651cf87f429be88a16571412610945bccb0ef2479192b78aeab8c1293a9a8a

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  13578369219d03c9de1813039bbcadc162e8617db26f09e1c2fbeef3963d0fe5
- Size
  
  36KB
- MD5
  
  8d5022d8944822d8afdc3a16de589de3
- SHA1
  
  9cebee6a3c555359946552e2a173b90a4f455688
- SHA256
  
  13578369219d03c9de1813039bbcadc162e8617db26f09e1c2fbeef3963d0fe5
- SHA512
  
  897db163b7255f99b00a91d490b494c5abc5c77e54c3e84e1c65f26f3d7c310f23651cf87f429be88a16571412610945bccb0ef2479192b78aeab8c1293a9a8a
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan