sakula | 092425e1a8899882fef31f2997d0703a0777d049b900a4e260ae4ed33a3e113c | Triage

Sharing

General

Target

092425e1a8899882fef31f2997d0703a0777d049b900a4e260ae4ed33a3e113c
Size

35KB
Sample

220212-lq19gscddj
MD5

7923f2123baf97c333bafc64f2fa84cf
SHA1

dcb4556c3ffb17a60fc084fcb2fd188e598e67c8
SHA256

092425e1a8899882fef31f2997d0703a0777d049b900a4e260ae4ed33a3e113c
SHA512

f1b8e978900b4e6dc901866f300361cba2a1b4474696b0bf4a4fffb08c48cd662a180a925244284c845b3bdd44d5edc9f6917e2ed894bb576f56cf7dfce768ee

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  092425e1a8899882fef31f2997d0703a0777d049b900a4e260ae4ed33a3e113c
- Size
  
  35KB
- MD5
  
  7923f2123baf97c333bafc64f2fa84cf
- SHA1
  
  dcb4556c3ffb17a60fc084fcb2fd188e598e67c8
- SHA256
  
  092425e1a8899882fef31f2997d0703a0777d049b900a4e260ae4ed33a3e113c
- SHA512
  
  f1b8e978900b4e6dc901866f300361cba2a1b4474696b0bf4a4fffb08c48cd662a180a925244284c845b3bdd44d5edc9f6917e2ed894bb576f56cf7dfce768ee
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan