sakula | 133f386139863bef19518beb0f4be59fa2079dbeeb7a406f8a62b3b1dcdf9bde | Triage

Sharing

General

Target

133f386139863bef19518beb0f4be59fa2079dbeeb7a406f8a62b3b1dcdf9bde
Size

36KB
Sample

220212-fx2wpsaaap
MD5

f798f2323a126575b04ccb73ecdd0e71
SHA1

6583578475aa49e4046b48a0676df94482f65368
SHA256

133f386139863bef19518beb0f4be59fa2079dbeeb7a406f8a62b3b1dcdf9bde
SHA512

417ce845ddf3a128d5b1083f2f439b84b2a503201011e4c8eaf0f07a6b21e4f73da84f523589468655df363b5a33386c12cd09921b455591c777cbb047d2c71c

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  133f386139863bef19518beb0f4be59fa2079dbeeb7a406f8a62b3b1dcdf9bde
- Size
  
  36KB
- MD5
  
  f798f2323a126575b04ccb73ecdd0e71
- SHA1
  
  6583578475aa49e4046b48a0676df94482f65368
- SHA256
  
  133f386139863bef19518beb0f4be59fa2079dbeeb7a406f8a62b3b1dcdf9bde
- SHA512
  
  417ce845ddf3a128d5b1083f2f439b84b2a503201011e4c8eaf0f07a6b21e4f73da84f523589468655df363b5a33386c12cd09921b455591c777cbb047d2c71c
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan