sakula | 04c20a84cc1a3d77d160b2655130df143f3c5cbacd0568d5196b868ac5918745 | Triage

Sharing

General

Target

04c20a84cc1a3d77d160b2655130df143f3c5cbacd0568d5196b868ac5918745
Size

60KB
Sample

220212-nd7lvabfe5
MD5

50b99fb19d5cf3685a3852e5f1182ef8
SHA1

50428ecfebb663d152b956b71498d3535555762f
SHA256

04c20a84cc1a3d77d160b2655130df143f3c5cbacd0568d5196b868ac5918745
SHA512

acf189c0869c9c02f44aea4c18bc65cf98f9e0e0e910e6284856e6612b1dbc58437e6c6cf4d50fdaa5c0623a5fdccdda7b211d7a69b7cf5986e2495f49f6e29c

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  04c20a84cc1a3d77d160b2655130df143f3c5cbacd0568d5196b868ac5918745
- Size
  
  60KB
- MD5
  
  50b99fb19d5cf3685a3852e5f1182ef8
- SHA1
  
  50428ecfebb663d152b956b71498d3535555762f
- SHA256
  
  04c20a84cc1a3d77d160b2655130df143f3c5cbacd0568d5196b868ac5918745
- SHA512
  
  acf189c0869c9c02f44aea4c18bc65cf98f9e0e0e910e6284856e6612b1dbc58437e6c6cf4d50fdaa5c0623a5fdccdda7b211d7a69b7cf5986e2495f49f6e29c
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan