sakula | 173870c436ec833d06af153e9ad054fbaed6b2a7c096972e9b992de09b826950 | Triage

Submit
Reports

Overview

overview

Static

static

173870c436...50.exe

windows7_x64

173870c436...50.exe

windows10-2004_x64

Sharing

General

Target

173870c436ec833d06af153e9ad054fbaed6b2a7c096972e9b992de09b826950
Size

60KB
Sample

220212-d5xwlsfed8
MD5

99ec4574c74cf455f584bf0ea6f81c78
SHA1

b8e894d3818ce77e6707a4859b07947ee4bbe72a
SHA256

173870c436ec833d06af153e9ad054fbaed6b2a7c096972e9b992de09b826950
SHA512

66d044c48545379be71795da7c4f10da6c1c4be61de9941379b4f61166316013b8d512e897aff1cfe02f359c7d40f2d633a83f9459047fb15d71f25e1433593b

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

173870c436ec833d06af153e9ad054fbaed6b2a7c096972e9b992de09b826950.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

173870c436ec833d06af153e9ad054fbaed6b2a7c096972e9b992de09b826950.exe

Resource

win10v2004-en-20220112

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  173870c436ec833d06af153e9ad054fbaed6b2a7c096972e9b992de09b826950
- Size
  
  60KB
- MD5
  
  99ec4574c74cf455f584bf0ea6f81c78
- SHA1
  
  b8e894d3818ce77e6707a4859b07947ee4bbe72a
- SHA256
  
  173870c436ec833d06af153e9ad054fbaed6b2a7c096972e9b992de09b826950
- SHA512
  
  66d044c48545379be71795da7c4f10da6c1c4be61de9941379b4f61166316013b8d512e897aff1cfe02f359c7d40f2d633a83f9459047fb15d71f25e1433593b
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy