sakula | 02ee7d83e3d37dfce41f3bb9b4bc4d2beeda8a27595c836889635665ee20db67 | Triage

Sharing

General

Target

02ee7d83e3d37dfce41f3bb9b4bc4d2beeda8a27595c836889635665ee20db67
Size

60KB
Sample

220212-n37yxacaa9
MD5

08b0f2b1b2e5a2ce7af8c7434f94ed47
SHA1

ec25a9dd3cfbbddcb45bf9db644e350d674c5a11
SHA256

02ee7d83e3d37dfce41f3bb9b4bc4d2beeda8a27595c836889635665ee20db67
SHA512

4de67a3a7d04c4de8d78dbd987ac2001059906b89400d3b9097c33cadb2a4120d153433c4e4baa3a0db77b4f1b0f1f19f36e99fe58bfa8c9a8568a1037743aac

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  02ee7d83e3d37dfce41f3bb9b4bc4d2beeda8a27595c836889635665ee20db67
- Size
  
  60KB
- MD5
  
  08b0f2b1b2e5a2ce7af8c7434f94ed47
- SHA1
  
  ec25a9dd3cfbbddcb45bf9db644e350d674c5a11
- SHA256
  
  02ee7d83e3d37dfce41f3bb9b4bc4d2beeda8a27595c836889635665ee20db67
- SHA512
  
  4de67a3a7d04c4de8d78dbd987ac2001059906b89400d3b9097c33cadb2a4120d153433c4e4baa3a0db77b4f1b0f1f19f36e99fe58bfa8c9a8568a1037743aac
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan