sakula | 133cbcbdfbadd226c186ee60bcd432877941e5a70356489ce2f02004d9a1c053 | Triage

Sharing

General

Target

133cbcbdfbadd226c186ee60bcd432877941e5a70356489ce2f02004d9a1c053
Size

58KB
Sample

220212-fx66esaaaq
MD5

f414263b3e962ced7fc537bd5e2c8539
SHA1

a1075633247b627bbac8fff8deca76f7203f1091
SHA256

133cbcbdfbadd226c186ee60bcd432877941e5a70356489ce2f02004d9a1c053
SHA512

c75d18ac17a3f4c687b4de1fac0e9212f055101bfc3fe5f714efbf17de47bd67d7fc2549bfed0e6b0a66fc890edab590fc13d4d9547d7e365f93bb80273593dc

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  133cbcbdfbadd226c186ee60bcd432877941e5a70356489ce2f02004d9a1c053
- Size
  
  58KB
- MD5
  
  f414263b3e962ced7fc537bd5e2c8539
- SHA1
  
  a1075633247b627bbac8fff8deca76f7203f1091
- SHA256
  
  133cbcbdfbadd226c186ee60bcd432877941e5a70356489ce2f02004d9a1c053
- SHA512
  
  c75d18ac17a3f4c687b4de1fac0e9212f055101bfc3fe5f714efbf17de47bd67d7fc2549bfed0e6b0a66fc890edab590fc13d4d9547d7e365f93bb80273593dc
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan