sakula | 0e6ff585ba81aa0bde6a53600951d1f598baa5f5019ee5c05d14e9a22ae02ea3 | Triage

Sharing

General

Target

0e6ff585ba81aa0bde6a53600951d1f598baa5f5019ee5c05d14e9a22ae02ea3
Size

60KB
Sample

220212-hx67jahch8
MD5

d48c9e7248c2ff9f83da185de29fe31c
SHA1

16194482c265650bb817828c54e6fe524f6f67b2
SHA256

0e6ff585ba81aa0bde6a53600951d1f598baa5f5019ee5c05d14e9a22ae02ea3
SHA512

6b3fffeb10a8a772e3138d7a851a73581b91223e7817cf5f19316cd8bbda8768975e646fe08823adc61ebd3152f7e34800d9b4d71171d5df0fb92b00daf03728

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0e6ff585ba81aa0bde6a53600951d1f598baa5f5019ee5c05d14e9a22ae02ea3
- Size
  
  60KB
- MD5
  
  d48c9e7248c2ff9f83da185de29fe31c
- SHA1
  
  16194482c265650bb817828c54e6fe524f6f67b2
- SHA256
  
  0e6ff585ba81aa0bde6a53600951d1f598baa5f5019ee5c05d14e9a22ae02ea3
- SHA512
  
  6b3fffeb10a8a772e3138d7a851a73581b91223e7817cf5f19316cd8bbda8768975e646fe08823adc61ebd3152f7e34800d9b4d71171d5df0fb92b00daf03728
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan