sakula | 0a5fdec8203799cc7ba7f30a721591ff4c9a70b28fe91e484149c5136cbcc8e8 | Triage

Sharing

General

Target

0a5fdec8203799cc7ba7f30a721591ff4c9a70b28fe91e484149c5136cbcc8e8
Size

36KB
Sample

220212-la1m1scbem
MD5

cd84359af28693637a338193097fb4ca
SHA1

951c009af198d24364599ed4209312870b400b08
SHA256

0a5fdec8203799cc7ba7f30a721591ff4c9a70b28fe91e484149c5136cbcc8e8
SHA512

c27bced8784bac0e77297493c1af3c6124d12bdc44028b4827882d8cf58976861adf4a101a3a767f21901244397ba238c801180a17875674bdac1f6550d106a8

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0a5fdec8203799cc7ba7f30a721591ff4c9a70b28fe91e484149c5136cbcc8e8
- Size
  
  36KB
- MD5
  
  cd84359af28693637a338193097fb4ca
- SHA1
  
  951c009af198d24364599ed4209312870b400b08
- SHA256
  
  0a5fdec8203799cc7ba7f30a721591ff4c9a70b28fe91e484149c5136cbcc8e8
- SHA512
  
  c27bced8784bac0e77297493c1af3c6124d12bdc44028b4827882d8cf58976861adf4a101a3a767f21901244397ba238c801180a17875674bdac1f6550d106a8
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan