sakula | 100c8e64475c8c8f74541d24547368fd526a32d535fbc0f8def7491ac302a43f | Triage

Sharing

General

Target

100c8e64475c8c8f74541d24547368fd526a32d535fbc0f8def7491ac302a43f
Size

58KB
Sample

220212-g6wlqaafal
MD5

88e4be4c507e9b02c54c32cecd7b91a4
SHA1

c52611d0775ece5d2755cd7c634584980575962e
SHA256

100c8e64475c8c8f74541d24547368fd526a32d535fbc0f8def7491ac302a43f
SHA512

771367dba2813811dcd7eea4060d50c18f098b6616fb0dbb7673bee58839ef00eda863b644e611ef45e2677ca974e4b4e50f80092096dd5eab41c860f3c07464

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  100c8e64475c8c8f74541d24547368fd526a32d535fbc0f8def7491ac302a43f
- Size
  
  58KB
- MD5
  
  88e4be4c507e9b02c54c32cecd7b91a4
- SHA1
  
  c52611d0775ece5d2755cd7c634584980575962e
- SHA256
  
  100c8e64475c8c8f74541d24547368fd526a32d535fbc0f8def7491ac302a43f
- SHA512
  
  771367dba2813811dcd7eea4060d50c18f098b6616fb0dbb7673bee58839ef00eda863b644e611ef45e2677ca974e4b4e50f80092096dd5eab41c860f3c07464
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan