sakula | 0b42221cbfb64685c40b8625c5543d4a190c5c8032c389afda68b1a2e4608239 | Triage

Sharing

General

Target

0b42221cbfb64685c40b8625c5543d4a190c5c8032c389afda68b1a2e4608239
Size

58KB
Sample

220212-j82a4aaae3
MD5

858b204bd8462b9eab614c39b58ebabd
SHA1

67f0064a2a8e90d16361d5a8075fc9aee90cf034
SHA256

0b42221cbfb64685c40b8625c5543d4a190c5c8032c389afda68b1a2e4608239
SHA512

571764bb0c779ec63f13089071347113437d1acbead182cbef7b2c2c4f8f3b838bce2fd5c34480a878696d15b07cd3f158963eb7ab673493682ce229f9d0581b

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0b42221cbfb64685c40b8625c5543d4a190c5c8032c389afda68b1a2e4608239
- Size
  
  58KB
- MD5
  
  858b204bd8462b9eab614c39b58ebabd
- SHA1
  
  67f0064a2a8e90d16361d5a8075fc9aee90cf034
- SHA256
  
  0b42221cbfb64685c40b8625c5543d4a190c5c8032c389afda68b1a2e4608239
- SHA512
  
  571764bb0c779ec63f13089071347113437d1acbead182cbef7b2c2c4f8f3b838bce2fd5c34480a878696d15b07cd3f158963eb7ab673493682ce229f9d0581b
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan