sakula | 0db5f3df48e234a04a25148fa9704b2391edb110b644580f9d6e91757a65fbdd | Triage

Sharing

General

Target

0db5f3df48e234a04a25148fa9704b2391edb110b644580f9d6e91757a65fbdd
Size

60KB
Sample

220212-h7916sheb5
MD5

5277109558b9ddc47a8e15be945d25de
SHA1

ec4300e0adf2e309043c6c4cfbd1b45b1d5dfd11
SHA256

0db5f3df48e234a04a25148fa9704b2391edb110b644580f9d6e91757a65fbdd
SHA512

c64ef28da737ab41161ab0582d8e3f72b1b837a4b3631b28fb29bdd938554eacf3a20fffe0002620ee14b470634966bbacb69328028255eba66b193c584a14f2

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0db5f3df48e234a04a25148fa9704b2391edb110b644580f9d6e91757a65fbdd
- Size
  
  60KB
- MD5
  
  5277109558b9ddc47a8e15be945d25de
- SHA1
  
  ec4300e0adf2e309043c6c4cfbd1b45b1d5dfd11
- SHA256
  
  0db5f3df48e234a04a25148fa9704b2391edb110b644580f9d6e91757a65fbdd
- SHA512
  
  c64ef28da737ab41161ab0582d8e3f72b1b837a4b3631b28fb29bdd938554eacf3a20fffe0002620ee14b470634966bbacb69328028255eba66b193c584a14f2
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan