sakula | 118536dde5a557eb0bf38fe7164929973b0fdc3d5b6cd7d50e07af476ec55951 | Triage

Sharing

General

Target

118536dde5a557eb0bf38fe7164929973b0fdc3d5b6cd7d50e07af476ec55951
Size

58KB
Sample

220212-gj25zsacer
MD5

929ca576be3d19c281cb61552e9a63ec
SHA1

bcb9268255df237f530bf3dcbac04562ad8cbbad
SHA256

118536dde5a557eb0bf38fe7164929973b0fdc3d5b6cd7d50e07af476ec55951
SHA512

1d5c5b72c88bd83e2769e6b1d4cfcbedb765ba50e334cf5f401902133dc8444ef09ec63ff2fe0c18289897cf3d0e2a9e09dcd271efa06a58ac4c73680af483aa

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  118536dde5a557eb0bf38fe7164929973b0fdc3d5b6cd7d50e07af476ec55951
- Size
  
  58KB
- MD5
  
  929ca576be3d19c281cb61552e9a63ec
- SHA1
  
  bcb9268255df237f530bf3dcbac04562ad8cbbad
- SHA256
  
  118536dde5a557eb0bf38fe7164929973b0fdc3d5b6cd7d50e07af476ec55951
- SHA512
  
  1d5c5b72c88bd83e2769e6b1d4cfcbedb765ba50e334cf5f401902133dc8444ef09ec63ff2fe0c18289897cf3d0e2a9e09dcd271efa06a58ac4c73680af483aa
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan