sakula | 09b8ecdeea3eb74d51071bfbbe5179e669050cab1318c1a40765ba2e803a78c9 | Triage

Sharing

General

Target

09b8ecdeea3eb74d51071bfbbe5179e669050cab1318c1a40765ba2e803a78c9
Size

58KB
Sample

220212-lh41eaafe2
MD5

e1ce252de79420c186c6fcc9a366f968
SHA1

c7d3002fcbd854d413a542f50bc98644e0836634
SHA256

09b8ecdeea3eb74d51071bfbbe5179e669050cab1318c1a40765ba2e803a78c9
SHA512

30a8339812b513592d3dbcb2e9927e7e3c7a1701f33dd6370b4e968ddbc37f11b6b8633f5fcdd6340e0f844b4e27fe7388f1aafa2f33495652cbeff6731bb7bb

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  09b8ecdeea3eb74d51071bfbbe5179e669050cab1318c1a40765ba2e803a78c9
- Size
  
  58KB
- MD5
  
  e1ce252de79420c186c6fcc9a366f968
- SHA1
  
  c7d3002fcbd854d413a542f50bc98644e0836634
- SHA256
  
  09b8ecdeea3eb74d51071bfbbe5179e669050cab1318c1a40765ba2e803a78c9
- SHA512
  
  30a8339812b513592d3dbcb2e9927e7e3c7a1701f33dd6370b4e968ddbc37f11b6b8633f5fcdd6340e0f844b4e27fe7388f1aafa2f33495652cbeff6731bb7bb
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan