sakula | 0ceb51dcdc658667e2d5af2110f6ac4749c086a9435e08a14cb30d36ce6facfc | Triage

Sharing

General

Target

0ceb51dcdc658667e2d5af2110f6ac4749c086a9435e08a14cb30d36ce6facfc
Size

58KB
Sample

220212-jh8x9ahff5
MD5

2d0059e0cf443df5cdb17eefe8444032
SHA1

635a698e5792064fcf245fa0bdc0a1e9c87684cc
SHA256

0ceb51dcdc658667e2d5af2110f6ac4749c086a9435e08a14cb30d36ce6facfc
SHA512

0272c3aa7b6122c54ff66c352daf794188a0fecd1c677060792681a48f86fe8d15c6ff24d7f5f0e89042817e639154daebee5eb457a5f59deb8b1627bc1c6065

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0ceb51dcdc658667e2d5af2110f6ac4749c086a9435e08a14cb30d36ce6facfc
- Size
  
  58KB
- MD5
  
  2d0059e0cf443df5cdb17eefe8444032
- SHA1
  
  635a698e5792064fcf245fa0bdc0a1e9c87684cc
- SHA256
  
  0ceb51dcdc658667e2d5af2110f6ac4749c086a9435e08a14cb30d36ce6facfc
- SHA512
  
  0272c3aa7b6122c54ff66c352daf794188a0fecd1c677060792681a48f86fe8d15c6ff24d7f5f0e89042817e639154daebee5eb457a5f59deb8b1627bc1c6065
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan