sakula | 10855ab77906604631b4be6f15410e7fb4a118a19f3ebabce447cad19294f439 | Triage

Sharing

General

Target

10855ab77906604631b4be6f15410e7fb4a118a19f3ebabce447cad19294f439
Size

58KB
Sample

220212-gzdgkaaebp
MD5

c148af8e8acb363949470eed28c38a86
SHA1

d0f5c4664f91fa87a7117a565ac07ac66abb2c33
SHA256

10855ab77906604631b4be6f15410e7fb4a118a19f3ebabce447cad19294f439
SHA512

c57ba1748ac3d45ca5ac27999a1651855005d3c02a5cc3e01533796d1f06c3a7ec0946177349d23393039064de56d87bbf4d8c92f1d9ebee932822424d845ad4

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  10855ab77906604631b4be6f15410e7fb4a118a19f3ebabce447cad19294f439
- Size
  
  58KB
- MD5
  
  c148af8e8acb363949470eed28c38a86
- SHA1
  
  d0f5c4664f91fa87a7117a565ac07ac66abb2c33
- SHA256
  
  10855ab77906604631b4be6f15410e7fb4a118a19f3ebabce447cad19294f439
- SHA512
  
  c57ba1748ac3d45ca5ac27999a1651855005d3c02a5cc3e01533796d1f06c3a7ec0946177349d23393039064de56d87bbf4d8c92f1d9ebee932822424d845ad4
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan