sakula | 05568843ece34f8e13a8692254f58638e147619b46bf3aab648a3edaee1ba086 | Triage

Sharing

General

Target

05568843ece34f8e13a8692254f58638e147619b46bf3aab648a3edaee1ba086
Size

36KB
Sample

220212-m7e81sdbhl
MD5

eab2d06993de9af1da45021d93e32a5f
SHA1

06facbb454c0ee95fc4f29db9a89e149b0e65c80
SHA256

05568843ece34f8e13a8692254f58638e147619b46bf3aab648a3edaee1ba086
SHA512

c710240d9459ea2d621bc2702528c836438f59f515366f4cf31075e477d5a7395a67628f55a936b48a8e16ba699baec3e0b30ef61b542f67a6859890d43a2180

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  05568843ece34f8e13a8692254f58638e147619b46bf3aab648a3edaee1ba086
- Size
  
  36KB
- MD5
  
  eab2d06993de9af1da45021d93e32a5f
- SHA1
  
  06facbb454c0ee95fc4f29db9a89e149b0e65c80
- SHA256
  
  05568843ece34f8e13a8692254f58638e147619b46bf3aab648a3edaee1ba086
- SHA512
  
  c710240d9459ea2d621bc2702528c836438f59f515366f4cf31075e477d5a7395a67628f55a936b48a8e16ba699baec3e0b30ef61b542f67a6859890d43a2180
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan