sakula | 0913361b7e03729052ef3d95d1f17d695fa439559b7bd7333dbf7af9e7f548d8 | Triage

Sharing

General

Target

0913361b7e03729052ef3d95d1f17d695fa439559b7bd7333dbf7af9e7f548d8
Size

60KB
Sample

220212-lrx88acddr
MD5

73f9ced25eddd7a52796fafcc0dd38ef
SHA1

93086d8fcf0bac62f14c1819dd155262bd7da35c
SHA256

0913361b7e03729052ef3d95d1f17d695fa439559b7bd7333dbf7af9e7f548d8
SHA512

698aed0ba41ffdb83e721c77577731bf23830fcb4f82d0a01f61d76f79b3af30dd483b4d608b6e7fbe1c0ce03d3fd9fa9af781d4044e6099d1514801f3a98fce

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0913361b7e03729052ef3d95d1f17d695fa439559b7bd7333dbf7af9e7f548d8
- Size
  
  60KB
- MD5
  
  73f9ced25eddd7a52796fafcc0dd38ef
- SHA1
  
  93086d8fcf0bac62f14c1819dd155262bd7da35c
- SHA256
  
  0913361b7e03729052ef3d95d1f17d695fa439559b7bd7333dbf7af9e7f548d8
- SHA512
  
  698aed0ba41ffdb83e721c77577731bf23830fcb4f82d0a01f61d76f79b3af30dd483b4d608b6e7fbe1c0ce03d3fd9fa9af781d4044e6099d1514801f3a98fce
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan