sakula | 05937633c4d1ea76f830c7c68e6392d55ca4980928825ec8618cce96a901947e | Triage

Sharing

General

Target

05937633c4d1ea76f830c7c68e6392d55ca4980928825ec8618cce96a901947e
Size

60KB
Sample

220212-m3s93sbeb8
MD5

8e0bf21fa1e07852ec579bd6f065c3b7
SHA1

8de87ed0025c95b3cc59222fce8c6f2df0b594bc
SHA256

05937633c4d1ea76f830c7c68e6392d55ca4980928825ec8618cce96a901947e
SHA512

9a6781a12c7b52f5ee0ced0a1ddfb97ece0df4ed4c559d6185da7ff22ff27cd55f561b3a9c849b702fda91f11c54f01acf4c032c2e4628da94ff226da68e40e9

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  05937633c4d1ea76f830c7c68e6392d55ca4980928825ec8618cce96a901947e
- Size
  
  60KB
- MD5
  
  8e0bf21fa1e07852ec579bd6f065c3b7
- SHA1
  
  8de87ed0025c95b3cc59222fce8c6f2df0b594bc
- SHA256
  
  05937633c4d1ea76f830c7c68e6392d55ca4980928825ec8618cce96a901947e
- SHA512
  
  9a6781a12c7b52f5ee0ced0a1ddfb97ece0df4ed4c559d6185da7ff22ff27cd55f561b3a9c849b702fda91f11c54f01acf4c032c2e4628da94ff226da68e40e9
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan