sakula | 108e986f825a919794a11c9cdf5a52ecfdb2a1eae7c2a946a13c8a728886ea95 | Triage

Sharing

General

Target

108e986f825a919794a11c9cdf5a52ecfdb2a1eae7c2a946a13c8a728886ea95
Size

58KB
Sample

220212-gyvdpaghd9
MD5

a71011acda399f90eb8f919e67be19e5
SHA1

ebaca63510c2eb609fac9484ac4331dfce275392
SHA256

108e986f825a919794a11c9cdf5a52ecfdb2a1eae7c2a946a13c8a728886ea95
SHA512

692daaa97b910d0230fce66c654b510b3b99939bcad1ed525a7e9ab27afaff5017686b36bcef4d4e284e357fa18b599c7aec7d47fd4186c61ea40241b5041a6f

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  108e986f825a919794a11c9cdf5a52ecfdb2a1eae7c2a946a13c8a728886ea95
- Size
  
  58KB
- MD5
  
  a71011acda399f90eb8f919e67be19e5
- SHA1
  
  ebaca63510c2eb609fac9484ac4331dfce275392
- SHA256
  
  108e986f825a919794a11c9cdf5a52ecfdb2a1eae7c2a946a13c8a728886ea95
- SHA512
  
  692daaa97b910d0230fce66c654b510b3b99939bcad1ed525a7e9ab27afaff5017686b36bcef4d4e284e357fa18b599c7aec7d47fd4186c61ea40241b5041a6f
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan