sakula | 0fc387edb33cc4f0e9e7a1eec60ffebb19e32d8355a4f92a8799d1d129f55e31 | Triage

Sharing

General

Target

0fc387edb33cc4f0e9e7a1eec60ffebb19e32d8355a4f92a8799d1d129f55e31
Size

60KB
Sample

220212-hacpeaafen
MD5

f28defa349e74c6040c0a9c528a2525d
SHA1

317e91a3817b71e4cce42f776208b1677b804e3b
SHA256

0fc387edb33cc4f0e9e7a1eec60ffebb19e32d8355a4f92a8799d1d129f55e31
SHA512

33428ccb47f181fbf0b32d032220854612886ba98a720527d04f27ae9abaa5d6803b42cef12a885c0d97e5baacc5520e45db2ea8a8f2279e2f4284746f50d837

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0fc387edb33cc4f0e9e7a1eec60ffebb19e32d8355a4f92a8799d1d129f55e31
- Size
  
  60KB
- MD5
  
  f28defa349e74c6040c0a9c528a2525d
- SHA1
  
  317e91a3817b71e4cce42f776208b1677b804e3b
- SHA256
  
  0fc387edb33cc4f0e9e7a1eec60ffebb19e32d8355a4f92a8799d1d129f55e31
- SHA512
  
  33428ccb47f181fbf0b32d032220854612886ba98a720527d04f27ae9abaa5d6803b42cef12a885c0d97e5baacc5520e45db2ea8a8f2279e2f4284746f50d837
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan