sakula | 0d86ac3ce6406aa9283e326c3681bebd614579d496e48fc8cb0417e2bf07c545 | Triage

Sharing

General

Target

0d86ac3ce6406aa9283e326c3681bebd614579d496e48fc8cb0417e2bf07c545
Size

58KB
Sample

220212-jarn1ahee4
MD5

e726bd2dd34f2098669cd4ac08c2a75e
SHA1

f0d4e912bd786fee8ca21ef29ead0eb841733f64
SHA256

0d86ac3ce6406aa9283e326c3681bebd614579d496e48fc8cb0417e2bf07c545
SHA512

2249a5fdbd986fd597b0e26cad4b3d6bb3e3562a2eddb6d5dc5aafdf1a2dfddbab9831424413c615f6654fc8b16258124ea036bd95f90a707668153bce995d5f

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0d86ac3ce6406aa9283e326c3681bebd614579d496e48fc8cb0417e2bf07c545
- Size
  
  58KB
- MD5
  
  e726bd2dd34f2098669cd4ac08c2a75e
- SHA1
  
  f0d4e912bd786fee8ca21ef29ead0eb841733f64
- SHA256
  
  0d86ac3ce6406aa9283e326c3681bebd614579d496e48fc8cb0417e2bf07c545
- SHA512
  
  2249a5fdbd986fd597b0e26cad4b3d6bb3e3562a2eddb6d5dc5aafdf1a2dfddbab9831424413c615f6654fc8b16258124ea036bd95f90a707668153bce995d5f
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan