sakula | 0b7576d091baced70b83e7c6c47bec7447ddd7844b545e553711df9a779a6f7a | Triage

Sharing

General

Target

0b7576d091baced70b83e7c6c47bec7447ddd7844b545e553711df9a779a6f7a
Size

58KB
Sample

220212-j45sqahhh8
MD5

db6222d7a7e857af57f6be8f19223ab8
SHA1

736607bcf7b5e1ac5afd9429d9cdd2e88cf6f984
SHA256

0b7576d091baced70b83e7c6c47bec7447ddd7844b545e553711df9a779a6f7a
SHA512

8bb01a0bc2f599908196df29ae85ec6bd61fc6bdc646d8ee2a6f364235abefc27fffc350f9eba6c397b142178bbc87153d8a7ed40aa1900254c8ba535529a97b

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0b7576d091baced70b83e7c6c47bec7447ddd7844b545e553711df9a779a6f7a
- Size
  
  58KB
- MD5
  
  db6222d7a7e857af57f6be8f19223ab8
- SHA1
  
  736607bcf7b5e1ac5afd9429d9cdd2e88cf6f984
- SHA256
  
  0b7576d091baced70b83e7c6c47bec7447ddd7844b545e553711df9a779a6f7a
- SHA512
  
  8bb01a0bc2f599908196df29ae85ec6bd61fc6bdc646d8ee2a6f364235abefc27fffc350f9eba6c397b142178bbc87153d8a7ed40aa1900254c8ba535529a97b
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan