sakula | 050138a9d7f9e33dd57fb70f61aeb66ae68d950c3f851e62567adb146a8a6c3a | Triage

Sharing

General

Target

050138a9d7f9e33dd57fb70f61aeb66ae68d950c3f851e62567adb146a8a6c3a
Size

58KB
Sample

220212-na9l2abfb8
MD5

0758dfc725cb094cd9801b0c83de0561
SHA1

cf980ea496395384722c7ca34b302aec485c2dde
SHA256

050138a9d7f9e33dd57fb70f61aeb66ae68d950c3f851e62567adb146a8a6c3a
SHA512

2b131b3b19765fe44b44ed6604f5114636aa5d1cb34826b1ed480664c835bb8b7ed681b9be5c1ce3026c1739e785c32ce0f110844d4a816b8829a135055e35d2

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  050138a9d7f9e33dd57fb70f61aeb66ae68d950c3f851e62567adb146a8a6c3a
- Size
  
  58KB
- MD5
  
  0758dfc725cb094cd9801b0c83de0561
- SHA1
  
  cf980ea496395384722c7ca34b302aec485c2dde
- SHA256
  
  050138a9d7f9e33dd57fb70f61aeb66ae68d950c3f851e62567adb146a8a6c3a
- SHA512
  
  2b131b3b19765fe44b44ed6604f5114636aa5d1cb34826b1ed480664c835bb8b7ed681b9be5c1ce3026c1739e785c32ce0f110844d4a816b8829a135055e35d2
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan