sakula | 105d824d65eb535a2fa3523ed4917ea7c368d512a31023abf857bff582a5b2fc | Triage

Sharing

General

Target

105d824d65eb535a2fa3523ed4917ea7c368d512a31023abf857bff582a5b2fc
Size

58KB
Sample

220212-g2gl1aghh2
MD5

b861b218107de70af0ae880a7c123224
SHA1

4b0fea0b12fe37c9651236050efb38fa0dbdb18a
SHA256

105d824d65eb535a2fa3523ed4917ea7c368d512a31023abf857bff582a5b2fc
SHA512

adc116afc9106ee790a201e7868aca78002e7d609f77ae5d25bb033d43543490de81363a050394585b2b688471eaa9df1ffc8cd03bfd238995a2abfaff072ebe

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  105d824d65eb535a2fa3523ed4917ea7c368d512a31023abf857bff582a5b2fc
- Size
  
  58KB
- MD5
  
  b861b218107de70af0ae880a7c123224
- SHA1
  
  4b0fea0b12fe37c9651236050efb38fa0dbdb18a
- SHA256
  
  105d824d65eb535a2fa3523ed4917ea7c368d512a31023abf857bff582a5b2fc
- SHA512
  
  adc116afc9106ee790a201e7868aca78002e7d609f77ae5d25bb033d43543490de81363a050394585b2b688471eaa9df1ffc8cd03bfd238995a2abfaff072ebe
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan