sakula | 0f84cbca407b56390d594860900048503deb360cfb59f679bccdd62c627caa6a | Triage

Sharing

General

Target

0f84cbca407b56390d594860900048503deb360cfb59f679bccdd62c627caa6a
Size

60KB
Sample

220212-hc54qsafhm
MD5

535f8eccfdea063e7e13709b186efe4f
SHA1

d7f30bbb59808ccae656d1d88f01fc0d2cad75da
SHA256

0f84cbca407b56390d594860900048503deb360cfb59f679bccdd62c627caa6a
SHA512

f6879ba7608508d37e48aa1bc5d04c75cb557c0017b98decc2a20875e1c4ff7095bda95f2758ebf55c5196e3886fb12c21d2a15b8947b8ad4610a7ad17057817

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0f84cbca407b56390d594860900048503deb360cfb59f679bccdd62c627caa6a
- Size
  
  60KB
- MD5
  
  535f8eccfdea063e7e13709b186efe4f
- SHA1
  
  d7f30bbb59808ccae656d1d88f01fc0d2cad75da
- SHA256
  
  0f84cbca407b56390d594860900048503deb360cfb59f679bccdd62c627caa6a
- SHA512
  
  f6879ba7608508d37e48aa1bc5d04c75cb557c0017b98decc2a20875e1c4ff7095bda95f2758ebf55c5196e3886fb12c21d2a15b8947b8ad4610a7ad17057817
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan