sakula | 104759bd1cf477303579dae8ad442f578e79056bdd94cc1a02aae165b72c83b1 | Triage

Sharing

General

Target

104759bd1cf477303579dae8ad442f578e79056bdd94cc1a02aae165b72c83b1
Size

36KB
Sample

220212-g3sewsaeer
MD5

5b4f01742fdb8607a946d43d2f2d5ffd
SHA1

a126f50ce38de948e0e3286c1f979873300dffdd
SHA256

104759bd1cf477303579dae8ad442f578e79056bdd94cc1a02aae165b72c83b1
SHA512

c7b2d351edc86f43be17afa4b5c5a8884263cf85e0a4ab96e565ede4a3c1feead8daa0aa5a50a93077cf12fa3d2634a18f2b83dc33532a2f809092d83410bf29

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  104759bd1cf477303579dae8ad442f578e79056bdd94cc1a02aae165b72c83b1
- Size
  
  36KB
- MD5
  
  5b4f01742fdb8607a946d43d2f2d5ffd
- SHA1
  
  a126f50ce38de948e0e3286c1f979873300dffdd
- SHA256
  
  104759bd1cf477303579dae8ad442f578e79056bdd94cc1a02aae165b72c83b1
- SHA512
  
  c7b2d351edc86f43be17afa4b5c5a8884263cf85e0a4ab96e565ede4a3c1feead8daa0aa5a50a93077cf12fa3d2634a18f2b83dc33532a2f809092d83410bf29
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan