sakula | 102ee6533fdd764a5535dce4f6569ab1eb22613092bf84f337f3e5d08edf6d20 | Triage

Sharing

General

Target

102ee6533fdd764a5535dce4f6569ab1eb22613092bf84f337f3e5d08edf6d20
Size

36KB
Sample

220212-g5cgfsaegp
MD5

2041d04f33ec238256b8d186c3d9f634
SHA1

4bfade51723a5d45ddc171b547dd7827f873b87e
SHA256

102ee6533fdd764a5535dce4f6569ab1eb22613092bf84f337f3e5d08edf6d20
SHA512

557689cc05aa422b724602973308c3f34ead5e4c503e38033db52736d054a1f6dd09a84667f29a68f51f2c57a4202d8951625329724f7dfe9c19da2fe0284cd8

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  102ee6533fdd764a5535dce4f6569ab1eb22613092bf84f337f3e5d08edf6d20
- Size
  
  36KB
- MD5
  
  2041d04f33ec238256b8d186c3d9f634
- SHA1
  
  4bfade51723a5d45ddc171b547dd7827f873b87e
- SHA256
  
  102ee6533fdd764a5535dce4f6569ab1eb22613092bf84f337f3e5d08edf6d20
- SHA512
  
  557689cc05aa422b724602973308c3f34ead5e4c503e38033db52736d054a1f6dd09a84667f29a68f51f2c57a4202d8951625329724f7dfe9c19da2fe0284cd8
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan