sakula | 091e2e5dd2f1c1ec72309a6b1436622c8ef0c1034d96332386d08e19aac6dcb4 | Triage

Sharing

General

Target

091e2e5dd2f1c1ec72309a6b1436622c8ef0c1034d96332386d08e19aac6dcb4
Size

36KB
Sample

220212-lrerwaagd5
MD5

0eaf55875b53b204e67aa58090b4f5bc
SHA1

d759232ea9df0e797352a3191813ca94a1898dda
SHA256

091e2e5dd2f1c1ec72309a6b1436622c8ef0c1034d96332386d08e19aac6dcb4
SHA512

be8614107185c8ad01af74cda6a84f88407a6a69acef2065104737c76dab5ae056f148ced4c90e22f02df5c2c07753c68c972cbc4f77dcfefcd847a0bcf888bd

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  091e2e5dd2f1c1ec72309a6b1436622c8ef0c1034d96332386d08e19aac6dcb4
- Size
  
  36KB
- MD5
  
  0eaf55875b53b204e67aa58090b4f5bc
- SHA1
  
  d759232ea9df0e797352a3191813ca94a1898dda
- SHA256
  
  091e2e5dd2f1c1ec72309a6b1436622c8ef0c1034d96332386d08e19aac6dcb4
- SHA512
  
  be8614107185c8ad01af74cda6a84f88407a6a69acef2065104737c76dab5ae056f148ced4c90e22f02df5c2c07753c68c972cbc4f77dcfefcd847a0bcf888bd
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan