sakula | 1568ca72b568cfb7e4d92cae6cc4f04520fe89a5723a4e837e1ad0bdeedaba50 | Triage

Submit
Reports

Overview

overview

Static

static

1568ca72b5...50.exe

windows7_x64

1568ca72b5...50.exe

windows10-2004_x64

Sharing

General

Target

1568ca72b568cfb7e4d92cae6cc4f04520fe89a5723a4e837e1ad0bdeedaba50
Size

101KB
Sample

220212-ezzzfsgaa3
MD5

42ba79f306fe389ee22e2d4d6d2da823
SHA1

7b682060195263bf779c1f4ffd70f44fccc2fa07
SHA256

1568ca72b568cfb7e4d92cae6cc4f04520fe89a5723a4e837e1ad0bdeedaba50
SHA512

fbb3e65acc8772df4695905e80d298c37b9df552e09497671f4d6f97d7c998c437073a85df4542d7d1903a7b8f44d4f1fee924178eba265f252bd5eb19839c4d

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

1568ca72b568cfb7e4d92cae6cc4f04520fe89a5723a4e837e1ad0bdeedaba50.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1568ca72b568cfb7e4d92cae6cc4f04520fe89a5723a4e837e1ad0bdeedaba50.exe

Resource

win10v2004-en-20220112

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1568ca72b568cfb7e4d92cae6cc4f04520fe89a5723a4e837e1ad0bdeedaba50
- Size
  
  101KB
- MD5
  
  42ba79f306fe389ee22e2d4d6d2da823
- SHA1
  
  7b682060195263bf779c1f4ffd70f44fccc2fa07
- SHA256
  
  1568ca72b568cfb7e4d92cae6cc4f04520fe89a5723a4e837e1ad0bdeedaba50
- SHA512
  
  fbb3e65acc8772df4695905e80d298c37b9df552e09497671f4d6f97d7c998c437073a85df4542d7d1903a7b8f44d4f1fee924178eba265f252bd5eb19839c4d
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy