sakula | 0f66892c9fba1a28f2e95f7b9a01ae11cfe6615d98a97477a72ecdf45bb85899 | Triage

Sharing

General

Target

0f66892c9fba1a28f2e95f7b9a01ae11cfe6615d98a97477a72ecdf45bb85899
Size

60KB
Sample

220212-hefxmahbd4
MD5

5ec6231c7df4086e4711d19cb193230b
SHA1

48743d92dcd5906c2cd79cdf879a79b7b4c53dd3
SHA256

0f66892c9fba1a28f2e95f7b9a01ae11cfe6615d98a97477a72ecdf45bb85899
SHA512

d4aa9a96f9177b58230a812b15350fb1da655920cc970b00bb973f16c43921708d9faa92a463fd4055336256e94b96b3ec57168a2ea83fef9ae743cb58256274

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0f66892c9fba1a28f2e95f7b9a01ae11cfe6615d98a97477a72ecdf45bb85899
- Size
  
  60KB
- MD5
  
  5ec6231c7df4086e4711d19cb193230b
- SHA1
  
  48743d92dcd5906c2cd79cdf879a79b7b4c53dd3
- SHA256
  
  0f66892c9fba1a28f2e95f7b9a01ae11cfe6615d98a97477a72ecdf45bb85899
- SHA512
  
  d4aa9a96f9177b58230a812b15350fb1da655920cc970b00bb973f16c43921708d9faa92a463fd4055336256e94b96b3ec57168a2ea83fef9ae743cb58256274
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan