sakula | 03e38057bab685d3006a8787b7b5d20f9303b3fc4729e043baf1b4c700d5e991 | Triage

Sharing

General

Target

03e38057bab685d3006a8787b7b5d20f9303b3fc4729e043baf1b4c700d5e991
Size

60KB
Sample

220212-nrne5abgg9
MD5

2bc34951553b52e40841d5d1fbdc77c7
SHA1

ad4371e01f82647e98a4c120427ca5cdf8bc8a8d
SHA256

03e38057bab685d3006a8787b7b5d20f9303b3fc4729e043baf1b4c700d5e991
SHA512

9fd6c9d68f82004df057e5e16db95e9b52ee05418a83a309ddde3b85f84006b87b0bddcda5b6895ebedc63bfe95c59a14504a29e203a7fd21e7581de21f354c9

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  03e38057bab685d3006a8787b7b5d20f9303b3fc4729e043baf1b4c700d5e991
- Size
  
  60KB
- MD5
  
  2bc34951553b52e40841d5d1fbdc77c7
- SHA1
  
  ad4371e01f82647e98a4c120427ca5cdf8bc8a8d
- SHA256
  
  03e38057bab685d3006a8787b7b5d20f9303b3fc4729e043baf1b4c700d5e991
- SHA512
  
  9fd6c9d68f82004df057e5e16db95e9b52ee05418a83a309ddde3b85f84006b87b0bddcda5b6895ebedc63bfe95c59a14504a29e203a7fd21e7581de21f354c9
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan