sakula | 15fec5c2114e502ebeb84a18de37b6fd382b2c67f47d204fafd32b8b106fbc9e | Triage

Submit
Reports

Overview

overview

Static

static

15fec5c211...9e.exe

windows7_x64

15fec5c211...9e.exe

windows10-2004_x64

Sharing

General

Target

15fec5c2114e502ebeb84a18de37b6fd382b2c67f47d204fafd32b8b106fbc9e
Size

150KB
Sample

220212-epx24sfgg6
MD5

4b1afc810f7064735de895546a4c43da
SHA1

71f6efbda242e75558c7bc4023157941527b5e04
SHA256

15fec5c2114e502ebeb84a18de37b6fd382b2c67f47d204fafd32b8b106fbc9e
SHA512

5a59fa5bb0ce41b63d108295f8fcffac379aadc8fa1596ac83330a4749a3a06b854e7681da03514ed023905492cd2317f96ceba6a6074fae3bc6d15771de6475

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

15fec5c2114e502ebeb84a18de37b6fd382b2c67f47d204fafd32b8b106fbc9e.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

15fec5c2114e502ebeb84a18de37b6fd382b2c67f47d204fafd32b8b106fbc9e.exe

Resource

win10v2004-en-20220112

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  15fec5c2114e502ebeb84a18de37b6fd382b2c67f47d204fafd32b8b106fbc9e
- Size
  
  150KB
- MD5
  
  4b1afc810f7064735de895546a4c43da
- SHA1
  
  71f6efbda242e75558c7bc4023157941527b5e04
- SHA256
  
  15fec5c2114e502ebeb84a18de37b6fd382b2c67f47d204fafd32b8b106fbc9e
- SHA512
  
  5a59fa5bb0ce41b63d108295f8fcffac379aadc8fa1596ac83330a4749a3a06b854e7681da03514ed023905492cd2317f96ceba6a6074fae3bc6d15771de6475
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy