sakula | 0a7e0eca1023459a35ab1fb70a3c48916f1746624b4d4671c89ac5a62e3cb2e4 | Triage

Sharing

General

Target

0a7e0eca1023459a35ab1fb70a3c48916f1746624b4d4671c89ac5a62e3cb2e4
Size

60KB
Sample

220212-k9nxtsaec8
MD5

17f356cb901e82957bf9cd22a6a839a2
SHA1

6cbad4d06e6acdc37135e875dc8367d1a88c9317
SHA256

0a7e0eca1023459a35ab1fb70a3c48916f1746624b4d4671c89ac5a62e3cb2e4
SHA512

a4f308674c0d4ec2e07ce3d527354f9334400e556d0bbe8879f3e2d2dac0f6215e8d26138bc4aff6ea2674c5082da51111cd6eeafb51b52a82dc2b1436ef3aac

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0a7e0eca1023459a35ab1fb70a3c48916f1746624b4d4671c89ac5a62e3cb2e4
- Size
  
  60KB
- MD5
  
  17f356cb901e82957bf9cd22a6a839a2
- SHA1
  
  6cbad4d06e6acdc37135e875dc8367d1a88c9317
- SHA256
  
  0a7e0eca1023459a35ab1fb70a3c48916f1746624b4d4671c89ac5a62e3cb2e4
- SHA512
  
  a4f308674c0d4ec2e07ce3d527354f9334400e556d0bbe8879f3e2d2dac0f6215e8d26138bc4aff6ea2674c5082da51111cd6eeafb51b52a82dc2b1436ef3aac
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan