sakula | 035818416fd5e38352e749a72e368030860bec21211e63622a87844a7f70a126 | Triage

Sharing

General

Target

035818416fd5e38352e749a72e368030860bec21211e63622a87844a7f70a126
Size

58KB
Sample

220212-ny8pmsbhe9
MD5

2290c612928bf1ad3a00f0b64e639c51
SHA1

02143a79606dabd4e7b27e020bfedd7b9aed6f8e
SHA256

035818416fd5e38352e749a72e368030860bec21211e63622a87844a7f70a126
SHA512

edfbdee180b08bdc677ecfd0387e58187a3c78715a807dbe06041e8d6a0e2d21dabe6413b39380aeb2ca4c6600c757e123e19e0224187209f32efc42ac074cc4

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  035818416fd5e38352e749a72e368030860bec21211e63622a87844a7f70a126
- Size
  
  58KB
- MD5
  
  2290c612928bf1ad3a00f0b64e639c51
- SHA1
  
  02143a79606dabd4e7b27e020bfedd7b9aed6f8e
- SHA256
  
  035818416fd5e38352e749a72e368030860bec21211e63622a87844a7f70a126
- SHA512
  
  edfbdee180b08bdc677ecfd0387e58187a3c78715a807dbe06041e8d6a0e2d21dabe6413b39380aeb2ca4c6600c757e123e19e0224187209f32efc42ac074cc4
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan