sakula | 0a07ef5e2d80a34e0d89285bfc05ce179a24f0df1db25cc9fa70b3e2aeeea55a | Triage

Sharing

General

Target

0a07ef5e2d80a34e0d89285bfc05ce179a24f0df1db25cc9fa70b3e2aeeea55a
Size

58KB
Sample

220212-le8t7aafa9
MD5

afdc559d0f89548298be15d76ff79e1f
SHA1

288376c8af963519c4271bb20b186736a1efba9f
SHA256

0a07ef5e2d80a34e0d89285bfc05ce179a24f0df1db25cc9fa70b3e2aeeea55a
SHA512

601ab9249c72d1c5f062f3d1c69a7ce5fd4930ca9a42b8bf014e840beaa681dfe26678a8d03d360e331a8fb8adaf4e69513c01f83637e6ed8764deec7bb889a2

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0a07ef5e2d80a34e0d89285bfc05ce179a24f0df1db25cc9fa70b3e2aeeea55a
- Size
  
  58KB
- MD5
  
  afdc559d0f89548298be15d76ff79e1f
- SHA1
  
  288376c8af963519c4271bb20b186736a1efba9f
- SHA256
  
  0a07ef5e2d80a34e0d89285bfc05ce179a24f0df1db25cc9fa70b3e2aeeea55a
- SHA512
  
  601ab9249c72d1c5f062f3d1c69a7ce5fd4930ca9a42b8bf014e840beaa681dfe26678a8d03d360e331a8fb8adaf4e69513c01f83637e6ed8764deec7bb889a2
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan