sakula | 075e4f0e696c00c4877a040b221588d7913203a284f2a4e846a5a64e072ae4c1 | Triage

Sharing

General

Target

075e4f0e696c00c4877a040b221588d7913203a284f2a4e846a5a64e072ae4c1
Size

58KB
Sample

220212-me7skacgej
MD5

72cafac074e38c5ede12be6a7f3d4f95
SHA1

12a0bca45e48c923b3ba62dab469ffad4f908f14
SHA256

075e4f0e696c00c4877a040b221588d7913203a284f2a4e846a5a64e072ae4c1
SHA512

b09b909a00a7128e5a5db4c3cc0fd80f49d5c4449418324ea22154a26e4287940a98ab9b6fb13d1a4f5f2284b6779698cd438b5d879ec07b338ef75770833f28

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  075e4f0e696c00c4877a040b221588d7913203a284f2a4e846a5a64e072ae4c1
- Size
  
  58KB
- MD5
  
  72cafac074e38c5ede12be6a7f3d4f95
- SHA1
  
  12a0bca45e48c923b3ba62dab469ffad4f908f14
- SHA256
  
  075e4f0e696c00c4877a040b221588d7913203a284f2a4e846a5a64e072ae4c1
- SHA512
  
  b09b909a00a7128e5a5db4c3cc0fd80f49d5c4449418324ea22154a26e4287940a98ab9b6fb13d1a4f5f2284b6779698cd438b5d879ec07b338ef75770833f28
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan