sakula | 0d992c26743f721652e7492fd6d93f9eff315509c6db5063663355305c90fa9a | Triage

Sharing

General

Target

0d992c26743f721652e7492fd6d93f9eff315509c6db5063663355305c90fa9a
Size

60KB
Sample

220212-h9lrcshec8
MD5

6a8261753fe435b7372d67986c27e4f5
SHA1

8c2a9d7af0dbbbd9b3c6cbda15d544de773baa5c
SHA256

0d992c26743f721652e7492fd6d93f9eff315509c6db5063663355305c90fa9a
SHA512

bbe001edd4f2a856ec44b05378a0e736270a042309dcbda13556bc91d23995401ac4e77b86209df18ef5a42dbb8a380554015694badde59154b5178c2f3419d8

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0d992c26743f721652e7492fd6d93f9eff315509c6db5063663355305c90fa9a
- Size
  
  60KB
- MD5
  
  6a8261753fe435b7372d67986c27e4f5
- SHA1
  
  8c2a9d7af0dbbbd9b3c6cbda15d544de773baa5c
- SHA256
  
  0d992c26743f721652e7492fd6d93f9eff315509c6db5063663355305c90fa9a
- SHA512
  
  bbe001edd4f2a856ec44b05378a0e736270a042309dcbda13556bc91d23995401ac4e77b86209df18ef5a42dbb8a380554015694badde59154b5178c2f3419d8
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan