sakula | 064a996b5671c0305d2be6eef29236e688407992059c774bf11b2d5c24e4a425 | Triage

Sharing

General

Target

064a996b5671c0305d2be6eef29236e688407992059c774bf11b2d5c24e4a425
Size

58KB
Sample

220212-msdrmsbch4
MD5

07c010b35faf1ed397676a0abe821213
SHA1

6996a6c09669284a74c98142fb01f78904b45ac9
SHA256

064a996b5671c0305d2be6eef29236e688407992059c774bf11b2d5c24e4a425
SHA512

dd655c00d828aa668e3204be4341ee409188a3c6d759c359c2443e0787202163ea8ee8282bc4abb6cab5eb1de6b5e631950cc4d39ea18a6e6d8988f62a790d82

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  064a996b5671c0305d2be6eef29236e688407992059c774bf11b2d5c24e4a425
- Size
  
  58KB
- MD5
  
  07c010b35faf1ed397676a0abe821213
- SHA1
  
  6996a6c09669284a74c98142fb01f78904b45ac9
- SHA256
  
  064a996b5671c0305d2be6eef29236e688407992059c774bf11b2d5c24e4a425
- SHA512
  
  dd655c00d828aa668e3204be4341ee409188a3c6d759c359c2443e0787202163ea8ee8282bc4abb6cab5eb1de6b5e631950cc4d39ea18a6e6d8988f62a790d82
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan