sakula | 089b29f0744584f5509395eee975d4333323961ebfb9b87d23a22ac8a67221c8 | Triage

Sharing

General

Target

089b29f0744584f5509395eee975d4333323961ebfb9b87d23a22ac8a67221c8
Size

60KB
Sample

220212-lx25csahb8
MD5

44da09450a16aeb8ce82e569bdb0dacd
SHA1

66bfebe8feef7c429341afae9b67b8b456045da8
SHA256

089b29f0744584f5509395eee975d4333323961ebfb9b87d23a22ac8a67221c8
SHA512

88e3519d23d367b5de59fa82005a4a142c14b4e024ae5e074cb356abcd29ddfe5f470e96527cf2a3431be231d8e4af3a02341a9e3755dd6c0a37ae03eee50c92

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  089b29f0744584f5509395eee975d4333323961ebfb9b87d23a22ac8a67221c8
- Size
  
  60KB
- MD5
  
  44da09450a16aeb8ce82e569bdb0dacd
- SHA1
  
  66bfebe8feef7c429341afae9b67b8b456045da8
- SHA256
  
  089b29f0744584f5509395eee975d4333323961ebfb9b87d23a22ac8a67221c8
- SHA512
  
  88e3519d23d367b5de59fa82005a4a142c14b4e024ae5e074cb356abcd29ddfe5f470e96527cf2a3431be231d8e4af3a02341a9e3755dd6c0a37ae03eee50c92
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan