sakula | 0dfa1f1f18bbce6bba43e0fcce4f17f16c2bc05b83a94dae0ab566f765dd3aff | Triage

Sharing

General

Target

0dfa1f1f18bbce6bba43e0fcce4f17f16c2bc05b83a94dae0ab566f765dd3aff
Size

36KB
Sample

220212-h4vr3sbabr
MD5

5a1942bcfb3a4dd1f2e2c2715ae0ae69
SHA1

3900751a9e09ec541d62947198eda044fbcf46e4
SHA256

0dfa1f1f18bbce6bba43e0fcce4f17f16c2bc05b83a94dae0ab566f765dd3aff
SHA512

f2ac846ddf3489719bc29513a5ba714412575bbcc3df16edd72bf8d2f593478cc3ae24c773701d3c5da3d751a81c85b31d49c8ae757b5a36224b87a4f2590450

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0dfa1f1f18bbce6bba43e0fcce4f17f16c2bc05b83a94dae0ab566f765dd3aff
- Size
  
  36KB
- MD5
  
  5a1942bcfb3a4dd1f2e2c2715ae0ae69
- SHA1
  
  3900751a9e09ec541d62947198eda044fbcf46e4
- SHA256
  
  0dfa1f1f18bbce6bba43e0fcce4f17f16c2bc05b83a94dae0ab566f765dd3aff
- SHA512
  
  f2ac846ddf3489719bc29513a5ba714412575bbcc3df16edd72bf8d2f593478cc3ae24c773701d3c5da3d751a81c85b31d49c8ae757b5a36224b87a4f2590450
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan