sakula | 11a097e3db2cc09bedc8c7500981637d1db2ce9950c125bf0c55e6ea5103c6c8 | Triage

Sharing

General

Target

11a097e3db2cc09bedc8c7500981637d1db2ce9950c125bf0c55e6ea5103c6c8
Size

35KB
Sample

220212-ghyfeagfe9
MD5

a70f291dcee3db73b910c6d280159d1a
SHA1

91e52726e7a45ac46440694921354bf4da70962a
SHA256

11a097e3db2cc09bedc8c7500981637d1db2ce9950c125bf0c55e6ea5103c6c8
SHA512

dec9c341b571c31cce568196865e547d37b3c76b497538d1a4a130b34626c6aff0445eaf022ad65d88dc831ff682836cf9681722169c1f14ca2ce8011c2a10be

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  11a097e3db2cc09bedc8c7500981637d1db2ce9950c125bf0c55e6ea5103c6c8
- Size
  
  35KB
- MD5
  
  a70f291dcee3db73b910c6d280159d1a
- SHA1
  
  91e52726e7a45ac46440694921354bf4da70962a
- SHA256
  
  11a097e3db2cc09bedc8c7500981637d1db2ce9950c125bf0c55e6ea5103c6c8
- SHA512
  
  dec9c341b571c31cce568196865e547d37b3c76b497538d1a4a130b34626c6aff0445eaf022ad65d88dc831ff682836cf9681722169c1f14ca2ce8011c2a10be
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan