sakula | 048800cce1832352ebcb549ebd6f976f4f9fb28b6d4b0a6ba4e04793bff20ba5 | Triage

Sharing

General

Target

048800cce1832352ebcb549ebd6f976f4f9fb28b6d4b0a6ba4e04793bff20ba5
Size

60KB
Sample

220212-ng8cjsbfh5
MD5

40b8b6d71e5ea12dff80de1e2a841932
SHA1

f712729e876981e8befffc4d397339380959503d
SHA256

048800cce1832352ebcb549ebd6f976f4f9fb28b6d4b0a6ba4e04793bff20ba5
SHA512

d9adbb3fe6d8aa46d577c556bee60fa6f6041ba528e433ae43feb71ac6c028ffe8326cc1e94b2cd1888747d7326d88d605ca41dfdb21df676786db9071b74197

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  048800cce1832352ebcb549ebd6f976f4f9fb28b6d4b0a6ba4e04793bff20ba5
- Size
  
  60KB
- MD5
  
  40b8b6d71e5ea12dff80de1e2a841932
- SHA1
  
  f712729e876981e8befffc4d397339380959503d
- SHA256
  
  048800cce1832352ebcb549ebd6f976f4f9fb28b6d4b0a6ba4e04793bff20ba5
- SHA512
  
  d9adbb3fe6d8aa46d577c556bee60fa6f6041ba528e433ae43feb71ac6c028ffe8326cc1e94b2cd1888747d7326d88d605ca41dfdb21df676786db9071b74197
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan