sakula | 0c0d214027e3b5d8f1434550d2cb513155a68b2b6612e2d473d0a17a8368dd12 | Triage

Sharing

General

Target

0c0d214027e3b5d8f1434550d2cb513155a68b2b6612e2d473d0a17a8368dd12
Size

58KB
Sample

220212-jvkfeshgg9
MD5

d971ac16f5269f42e7ab764a283387fa
SHA1

b5cc8d439e46fe042eafbe6465dbd56788c884a3
SHA256

0c0d214027e3b5d8f1434550d2cb513155a68b2b6612e2d473d0a17a8368dd12
SHA512

6bf274ce369bfd996e78ebe1622be80288870e72db1ec012c9dbf83edc08a692120511fe7597f70769be7c42c38386ccee4af4a5eefdeff30529f7a70c545c74

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0c0d214027e3b5d8f1434550d2cb513155a68b2b6612e2d473d0a17a8368dd12
- Size
  
  58KB
- MD5
  
  d971ac16f5269f42e7ab764a283387fa
- SHA1
  
  b5cc8d439e46fe042eafbe6465dbd56788c884a3
- SHA256
  
  0c0d214027e3b5d8f1434550d2cb513155a68b2b6612e2d473d0a17a8368dd12
- SHA512
  
  6bf274ce369bfd996e78ebe1622be80288870e72db1ec012c9dbf83edc08a692120511fe7597f70769be7c42c38386ccee4af4a5eefdeff30529f7a70c545c74
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan