sakula | 0af826337a8565cd2f5751e591656d586adaa4df703b6759490f0e86556340bf | Triage

Sharing

General

Target

0af826337a8565cd2f5751e591656d586adaa4df703b6759490f0e86556340bf
Size

36KB
Sample

220212-kec7vabfhl
MD5

df5e61ebcc07a243702efe6260c7b881
SHA1

78f7a059e79d4fee43a6edd301ad93cd8586200a
SHA256

0af826337a8565cd2f5751e591656d586adaa4df703b6759490f0e86556340bf
SHA512

26dcbc6ff5c6e8e0d0e62c9e7b6c1c9585a2d958567a48f851e4f28139d5892df9b892a9c9a2225d6a390c8f42311f623b96240559bad196fc3a6b65e1db9237

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0af826337a8565cd2f5751e591656d586adaa4df703b6759490f0e86556340bf
- Size
  
  36KB
- MD5
  
  df5e61ebcc07a243702efe6260c7b881
- SHA1
  
  78f7a059e79d4fee43a6edd301ad93cd8586200a
- SHA256
  
  0af826337a8565cd2f5751e591656d586adaa4df703b6759490f0e86556340bf
- SHA512
  
  26dcbc6ff5c6e8e0d0e62c9e7b6c1c9585a2d958567a48f851e4f28139d5892df9b892a9c9a2225d6a390c8f42311f623b96240559bad196fc3a6b65e1db9237
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan