sakula | 1767c64dfeee3df386f20ef7297b42719a1dd34e1c7411684d6d4e762f3b2c7e | Triage

Submit
Reports

Overview

overview

Static

static

1767c64dfe...7e.exe

windows7_x64

1767c64dfe...7e.exe

windows10-2004_x64

Sharing

General

Target

1767c64dfeee3df386f20ef7297b42719a1dd34e1c7411684d6d4e762f3b2c7e
Size

168KB
Sample

220212-d3vy8sfeb7
MD5

1277754a9e270620875e4962c2280312
SHA1

1a7bdc81edb913e6773a5350b6a3e9dce45ee96e
SHA256

1767c64dfeee3df386f20ef7297b42719a1dd34e1c7411684d6d4e762f3b2c7e
SHA512

1fdb883d59de4fe819b95419c14cacb4c7ce36ea935139f0dfda45067a1c86faa0e0b2befbf758b8f50d06f2e535e384b34e9d97b7d6908f2b27bcf1b1bc3d33

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

1767c64dfeee3df386f20ef7297b42719a1dd34e1c7411684d6d4e762f3b2c7e.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1767c64dfeee3df386f20ef7297b42719a1dd34e1c7411684d6d4e762f3b2c7e.exe

Resource

win10v2004-en-20220112

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1767c64dfeee3df386f20ef7297b42719a1dd34e1c7411684d6d4e762f3b2c7e
- Size
  
  168KB
- MD5
  
  1277754a9e270620875e4962c2280312
- SHA1
  
  1a7bdc81edb913e6773a5350b6a3e9dce45ee96e
- SHA256
  
  1767c64dfeee3df386f20ef7297b42719a1dd34e1c7411684d6d4e762f3b2c7e
- SHA512
  
  1fdb883d59de4fe819b95419c14cacb4c7ce36ea935139f0dfda45067a1c86faa0e0b2befbf758b8f50d06f2e535e384b34e9d97b7d6908f2b27bcf1b1bc3d33
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy