sakula | 0ecfa46452c098c6aa6a464b1b4364f601e8abf8bcab361323e08c74dc7c901d | Triage

Sharing

General

Target

0ecfa46452c098c6aa6a464b1b4364f601e8abf8bcab361323e08c74dc7c901d
Size

58KB
Sample

220212-htan6aahak
MD5

06f74bf4f7a28d2b670e43b195782226
SHA1

c0d360829b3645fad12c30fae11bdcd6f90d4bd7
SHA256

0ecfa46452c098c6aa6a464b1b4364f601e8abf8bcab361323e08c74dc7c901d
SHA512

1585bdd5686b13cd02e9b8035724888b4695a25e110f8c124884fd0937acdd1f9aed236540dab465873225071b32ef662589e99626114abba9699ecb40a2d06b

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0ecfa46452c098c6aa6a464b1b4364f601e8abf8bcab361323e08c74dc7c901d
- Size
  
  58KB
- MD5
  
  06f74bf4f7a28d2b670e43b195782226
- SHA1
  
  c0d360829b3645fad12c30fae11bdcd6f90d4bd7
- SHA256
  
  0ecfa46452c098c6aa6a464b1b4364f601e8abf8bcab361323e08c74dc7c901d
- SHA512
  
  1585bdd5686b13cd02e9b8035724888b4695a25e110f8c124884fd0937acdd1f9aed236540dab465873225071b32ef662589e99626114abba9699ecb40a2d06b
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan