sakula | 094569c10de24c3f8f38330035b8321a655d348e83df808bcd5f2df9006661d9 | Triage

Sharing

General

Target

094569c10de24c3f8f38330035b8321a655d348e83df808bcd5f2df9006661d9
Size

36KB
Sample

220212-lnwk8acdak
MD5

d619376add32d9014e50cbe436b04722
SHA1

a53f3001c1df0621b64d75743c7e1c41a7aa6f05
SHA256

094569c10de24c3f8f38330035b8321a655d348e83df808bcd5f2df9006661d9
SHA512

d63d002a2901bf2d32880f59d1808abf1d6e029b944f483658c8294b588e9daa1e445af2b5b0b76e00727ac55dd8e52388b10cf8ec3e0d8220ea512956f8b591

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  094569c10de24c3f8f38330035b8321a655d348e83df808bcd5f2df9006661d9
- Size
  
  36KB
- MD5
  
  d619376add32d9014e50cbe436b04722
- SHA1
  
  a53f3001c1df0621b64d75743c7e1c41a7aa6f05
- SHA256
  
  094569c10de24c3f8f38330035b8321a655d348e83df808bcd5f2df9006661d9
- SHA512
  
  d63d002a2901bf2d32880f59d1808abf1d6e029b944f483658c8294b588e9daa1e445af2b5b0b76e00727ac55dd8e52388b10cf8ec3e0d8220ea512956f8b591
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan