sakula | 056a05d1f4de5bd34e4cfea921442240e6320988984b9741aa9a7b4f912ee0be | Triage

Sharing

General

Target

056a05d1f4de5bd34e4cfea921442240e6320988984b9741aa9a7b4f912ee0be
Size

60KB
Sample

220212-m6c29sdbgk
MD5

9b3f225b6e59930020e0a1af9dce7147
SHA1

1758bd8a63048b7e2e5c7afe17e32b32f0170a9a
SHA256

056a05d1f4de5bd34e4cfea921442240e6320988984b9741aa9a7b4f912ee0be
SHA512

3956da861d4eb33eaca6269de7269db74808e93a4fe08536cb2275cf3a99545b08e5d2205b75b469b9749265e240b15f251507d77b091627bbe515050053fb07

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  056a05d1f4de5bd34e4cfea921442240e6320988984b9741aa9a7b4f912ee0be
- Size
  
  60KB
- MD5
  
  9b3f225b6e59930020e0a1af9dce7147
- SHA1
  
  1758bd8a63048b7e2e5c7afe17e32b32f0170a9a
- SHA256
  
  056a05d1f4de5bd34e4cfea921442240e6320988984b9741aa9a7b4f912ee0be
- SHA512
  
  3956da861d4eb33eaca6269de7269db74808e93a4fe08536cb2275cf3a99545b08e5d2205b75b469b9749265e240b15f251507d77b091627bbe515050053fb07
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan