sakula | 0d59c5ba879ab22421c28ff70194a9a7cff1152df2c08581f1469062b0acd2a2 | Triage

Sharing

General

Target

0d59c5ba879ab22421c28ff70194a9a7cff1152df2c08581f1469062b0acd2a2
Size

60KB
Sample

220212-jcjfeabbbm
MD5

722ebcbbdf3a08e7a4d6866b0334e3e1
SHA1

e7ec514dd050674eafc94de32f89a2c099acaa8d
SHA256

0d59c5ba879ab22421c28ff70194a9a7cff1152df2c08581f1469062b0acd2a2
SHA512

135724d305aa020a86c11a8c046dfddc553377f67ffc5e4028f35a350dec869672a7e11ba29f4625f25974b2ac22dd156169dc76210922d865d33422e92800db

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0d59c5ba879ab22421c28ff70194a9a7cff1152df2c08581f1469062b0acd2a2
- Size
  
  60KB
- MD5
  
  722ebcbbdf3a08e7a4d6866b0334e3e1
- SHA1
  
  e7ec514dd050674eafc94de32f89a2c099acaa8d
- SHA256
  
  0d59c5ba879ab22421c28ff70194a9a7cff1152df2c08581f1469062b0acd2a2
- SHA512
  
  135724d305aa020a86c11a8c046dfddc553377f67ffc5e4028f35a350dec869672a7e11ba29f4625f25974b2ac22dd156169dc76210922d865d33422e92800db
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan