sakula | 117500e7e32fddb851fcee23a978fdf44657484f965bfb35e2ad2d477bf4416f | Triage

Sharing

General

Target

117500e7e32fddb851fcee23a978fdf44657484f965bfb35e2ad2d477bf4416f
Size

58KB
Sample

220212-gkpw2sacfp
MD5

152c26784b9b8ece2d78d3772d163051
SHA1

ebd75ac182790fdd64ece46b5f73aa7f5fb0b07b
SHA256

117500e7e32fddb851fcee23a978fdf44657484f965bfb35e2ad2d477bf4416f
SHA512

175f620a0ad1557bf563ab4d809eed7a88b2054ea8a24142e899c1577dcd0a6eef639fcf8f8f2b694e1ed82ab90477db1bb5103f9e7b6e642a89b81fe4eaa560

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  117500e7e32fddb851fcee23a978fdf44657484f965bfb35e2ad2d477bf4416f
- Size
  
  58KB
- MD5
  
  152c26784b9b8ece2d78d3772d163051
- SHA1
  
  ebd75ac182790fdd64ece46b5f73aa7f5fb0b07b
- SHA256
  
  117500e7e32fddb851fcee23a978fdf44657484f965bfb35e2ad2d477bf4416f
- SHA512
  
  175f620a0ad1557bf563ab4d809eed7a88b2054ea8a24142e899c1577dcd0a6eef639fcf8f8f2b694e1ed82ab90477db1bb5103f9e7b6e642a89b81fe4eaa560
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan