sakula | 0b78ab5f8c6b1e8bdd436517a822620084c865908de9706ebcd6008630a42a41 | Triage

Sharing

General

Target

0b78ab5f8c6b1e8bdd436517a822620084c865908de9706ebcd6008630a42a41
Size

58KB
Sample

220212-j4lpvabefn
MD5

fc3cab6d5c326d21e033e3f5e72b80ec
SHA1

76043dfc52d0aeb4f7241a38a546833711ab7be2
SHA256

0b78ab5f8c6b1e8bdd436517a822620084c865908de9706ebcd6008630a42a41
SHA512

3ce391fad344da18661ea0db55742c33e47aec180fc1086848124608d05cd11afbda7747f1d50758dd74319884c60e945458cd33826e732f1d289cfa356e17d5

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0b78ab5f8c6b1e8bdd436517a822620084c865908de9706ebcd6008630a42a41
- Size
  
  58KB
- MD5
  
  fc3cab6d5c326d21e033e3f5e72b80ec
- SHA1
  
  76043dfc52d0aeb4f7241a38a546833711ab7be2
- SHA256
  
  0b78ab5f8c6b1e8bdd436517a822620084c865908de9706ebcd6008630a42a41
- SHA512
  
  3ce391fad344da18661ea0db55742c33e47aec180fc1086848124608d05cd11afbda7747f1d50758dd74319884c60e945458cd33826e732f1d289cfa356e17d5
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan