sakula | 0fe1bf22ddf19d34e2b68302e3280eca90bebab7468e19c14582d2fda9ba11a6 | Triage

Sharing

General

Target

0fe1bf22ddf19d34e2b68302e3280eca90bebab7468e19c14582d2fda9ba11a6
Size

58KB
Sample

220212-g8zq6aafcr
MD5

880e1ded08d1d36203f7fc9cb6c080f9
SHA1

c812c8b26cf5ed412e98e158eff6c7d35077d2b8
SHA256

0fe1bf22ddf19d34e2b68302e3280eca90bebab7468e19c14582d2fda9ba11a6
SHA512

5de607942e4abe56d350ce5fbbdc009100e4c6ef246431158882e990fc504c1827f79c9f4c80375881801608bb122e81f3d9e1048e7daccf9e550843fb332362

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0fe1bf22ddf19d34e2b68302e3280eca90bebab7468e19c14582d2fda9ba11a6
- Size
  
  58KB
- MD5
  
  880e1ded08d1d36203f7fc9cb6c080f9
- SHA1
  
  c812c8b26cf5ed412e98e158eff6c7d35077d2b8
- SHA256
  
  0fe1bf22ddf19d34e2b68302e3280eca90bebab7468e19c14582d2fda9ba11a6
- SHA512
  
  5de607942e4abe56d350ce5fbbdc009100e4c6ef246431158882e990fc504c1827f79c9f4c80375881801608bb122e81f3d9e1048e7daccf9e550843fb332362
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan