sakula | 062e3a4d396211fc04099c6224661a7f480bb4b7c49e9826a43736eba6bc90c6 | Triage

Sharing

General

Target

062e3a4d396211fc04099c6224661a7f480bb4b7c49e9826a43736eba6bc90c6
Size

35KB
Sample

220212-mt4z8adadn
MD5

9fd0cba7cf1f154f60207c446669bf4f
SHA1

8de06170ffea061704c322c6879f675bbb9d2afb
SHA256

062e3a4d396211fc04099c6224661a7f480bb4b7c49e9826a43736eba6bc90c6
SHA512

1ec48a5a1d6fe3ba85a70c9ccbb65446f4c52f294b8bb0fd4ed4c61fb60abd126d694312354de154ae91cd13c9f3b552c135f5f81a2e09fc69bf3b3b3a44e6a8

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  062e3a4d396211fc04099c6224661a7f480bb4b7c49e9826a43736eba6bc90c6
- Size
  
  35KB
- MD5
  
  9fd0cba7cf1f154f60207c446669bf4f
- SHA1
  
  8de06170ffea061704c322c6879f675bbb9d2afb
- SHA256
  
  062e3a4d396211fc04099c6224661a7f480bb4b7c49e9826a43736eba6bc90c6
- SHA512
  
  1ec48a5a1d6fe3ba85a70c9ccbb65446f4c52f294b8bb0fd4ed4c61fb60abd126d694312354de154ae91cd13c9f3b552c135f5f81a2e09fc69bf3b3b3a44e6a8
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan