sakula | 11bb74ad4596bef20d4294f106964c2541913aa3c80030e7076cb2c8b464f2b6 | Triage

Sharing

General

Target

11bb74ad4596bef20d4294f106964c2541913aa3c80030e7076cb2c8b464f2b6
Size

58KB
Sample

220212-gglefsgfd3
MD5

5d46c664cec4df80e5eb76a615de2ca8
SHA1

6bc5301505705c4b37e05db1ed7e2fc97dfa419b
SHA256

11bb74ad4596bef20d4294f106964c2541913aa3c80030e7076cb2c8b464f2b6
SHA512

7e54d73964d2e40ec585a4c090da2ac5a784e38be44967cbb92bede9cedd3d3d92bb11e8793d00599f6447922f1787c278c5f5af9bccda1c39e45aedb2364bd6

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  11bb74ad4596bef20d4294f106964c2541913aa3c80030e7076cb2c8b464f2b6
- Size
  
  58KB
- MD5
  
  5d46c664cec4df80e5eb76a615de2ca8
- SHA1
  
  6bc5301505705c4b37e05db1ed7e2fc97dfa419b
- SHA256
  
  11bb74ad4596bef20d4294f106964c2541913aa3c80030e7076cb2c8b464f2b6
- SHA512
  
  7e54d73964d2e40ec585a4c090da2ac5a784e38be44967cbb92bede9cedd3d3d92bb11e8793d00599f6447922f1787c278c5f5af9bccda1c39e45aedb2364bd6
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan