sakula | 0ff4c40f529c583de61b17df33624eee67dd703d652d462d52f876952bce5ee1 | Triage

Sharing

General

Target

0ff4c40f529c583de61b17df33624eee67dd703d652d462d52f876952bce5ee1
Size

58KB
Sample

220212-g7rn6aafbk
MD5

72ff114976adb828cc6f243d3d926fda
SHA1

c0625bc31fa4ea9e2fc3130637d40f41061ed0e2
SHA256

0ff4c40f529c583de61b17df33624eee67dd703d652d462d52f876952bce5ee1
SHA512

feaab25e558a4bfc2001ac3d5f5297915bf82e693a65c433620041232a329f4351165a3980dc8a0d8061b410f241d1d4bc3ad3ecdc10df98c3c6438440ad0a70

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0ff4c40f529c583de61b17df33624eee67dd703d652d462d52f876952bce5ee1
- Size
  
  58KB
- MD5
  
  72ff114976adb828cc6f243d3d926fda
- SHA1
  
  c0625bc31fa4ea9e2fc3130637d40f41061ed0e2
- SHA256
  
  0ff4c40f529c583de61b17df33624eee67dd703d652d462d52f876952bce5ee1
- SHA512
  
  feaab25e558a4bfc2001ac3d5f5297915bf82e693a65c433620041232a329f4351165a3980dc8a0d8061b410f241d1d4bc3ad3ecdc10df98c3c6438440ad0a70
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan