sakula | 0429d9dfc564d193d2e88df942be024f456d2a93e523d2119868b2962f208be0 | Triage

Sharing

General

Target

0429d9dfc564d193d2e88df942be024f456d2a93e523d2119868b2962f208be0
Size

60KB
Sample

220212-nnezksdeak
MD5

2271e5e0671156e4f54e1a67dabecb49
SHA1

1786a5e2152d5ca00ed2ef4a4dbe774e0a4d50cd
SHA256

0429d9dfc564d193d2e88df942be024f456d2a93e523d2119868b2962f208be0
SHA512

624ed1eccf3dccce975864715c1ffb33d2a01424dd1d353844a14dd0cd42c18203789a9334981f069f59314ae5b3b3a04a8409a6620bd321adb4d880c3b9655b

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  0429d9dfc564d193d2e88df942be024f456d2a93e523d2119868b2962f208be0
- Size
  
  60KB
- MD5
  
  2271e5e0671156e4f54e1a67dabecb49
- SHA1
  
  1786a5e2152d5ca00ed2ef4a4dbe774e0a4d50cd
- SHA256
  
  0429d9dfc564d193d2e88df942be024f456d2a93e523d2119868b2962f208be0
- SHA512
  
  624ed1eccf3dccce975864715c1ffb33d2a01424dd1d353844a14dd0cd42c18203789a9334981f069f59314ae5b3b3a04a8409a6620bd321adb4d880c3b9655b
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan