sakula | 0a89babf3fd721c1e4ba195cc59da6c4372939ce983ca88132357995b5a8aec0 | Triage

Sharing

General

Target

0a89babf3fd721c1e4ba195cc59da6c4372939ce983ca88132357995b5a8aec0
Size

35KB
Sample

220212-k8zypscbbn
MD5

775b9090000628bb6306f6f37b645580
SHA1

dd1805914c914722d8d2fcc430b902b9d1682cca
SHA256

0a89babf3fd721c1e4ba195cc59da6c4372939ce983ca88132357995b5a8aec0
SHA512

59e4d3673db992ca0bc2b5e7558df332d06ccf4f70e9c77ab73c41bbc9539d3e274125b7df3e50c5f024d26cba69eff9ea4e109a04bc241e0b1fc46eb8c70c6e

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0a89babf3fd721c1e4ba195cc59da6c4372939ce983ca88132357995b5a8aec0
- Size
  
  35KB
- MD5
  
  775b9090000628bb6306f6f37b645580
- SHA1
  
  dd1805914c914722d8d2fcc430b902b9d1682cca
- SHA256
  
  0a89babf3fd721c1e4ba195cc59da6c4372939ce983ca88132357995b5a8aec0
- SHA512
  
  59e4d3673db992ca0bc2b5e7558df332d06ccf4f70e9c77ab73c41bbc9539d3e274125b7df3e50c5f024d26cba69eff9ea4e109a04bc241e0b1fc46eb8c70c6e
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan