sakula | 06b4c7cb1b3eb6893d42d69cf5cb094543ed6712e886333b44be74acb4ee20b0 | Triage

Sharing

General

Target

06b4c7cb1b3eb6893d42d69cf5cb094543ed6712e886333b44be74acb4ee20b0
Size

35KB
Sample

220212-mnr4gabce2
MD5

9e3e215b7abc347226a5fa5e9b1d01cf
SHA1

d96b2e29b802fce5c41862405e4acf4e0195f74e
SHA256

06b4c7cb1b3eb6893d42d69cf5cb094543ed6712e886333b44be74acb4ee20b0
SHA512

8e9adb0808f8a87e29ae1303765b5a7ef8e36c8d464dac736a899e12e23b770cf7387f03d4f6cd8559caba4f500006e6dbac0af24fa28adeca99f79de128fb16

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  06b4c7cb1b3eb6893d42d69cf5cb094543ed6712e886333b44be74acb4ee20b0
- Size
  
  35KB
- MD5
  
  9e3e215b7abc347226a5fa5e9b1d01cf
- SHA1
  
  d96b2e29b802fce5c41862405e4acf4e0195f74e
- SHA256
  
  06b4c7cb1b3eb6893d42d69cf5cb094543ed6712e886333b44be74acb4ee20b0
- SHA512
  
  8e9adb0808f8a87e29ae1303765b5a7ef8e36c8d464dac736a899e12e23b770cf7387f03d4f6cd8559caba4f500006e6dbac0af24fa28adeca99f79de128fb16
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan