sakula | 103669852071c157f5d4bac841cf13b3e7436124da68320cfbc05d4b98fba202 | Triage

Submit
Reports

Overview

overview

Static

static

1036698520...02.exe

windows7_x64

1036698520...02.exe

windows10-2004_x64

Sharing

General

Target

103669852071c157f5d4bac841cf13b3e7436124da68320cfbc05d4b98fba202
Size

60KB
Sample

220212-g4r6hsaefr
MD5

739fb34b4198aecdeeb8e2fe08c5bd02
SHA1

a9a83c219366c14ac229c5ada7c01c3979887612
SHA256

103669852071c157f5d4bac841cf13b3e7436124da68320cfbc05d4b98fba202
SHA512

1b8db8180de6eda182938f242b4ddc087be89d64a5c8a6c405e054b02aa89b18ef6d35c26d8b21489927cb60e3d43395e196a35451536d57a7c99e7965c0897d

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

103669852071c157f5d4bac841cf13b3e7436124da68320cfbc05d4b98fba202.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

103669852071c157f5d4bac841cf13b3e7436124da68320cfbc05d4b98fba202.exe

Resource

win10v2004-en-20220112

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  103669852071c157f5d4bac841cf13b3e7436124da68320cfbc05d4b98fba202
- Size
  
  60KB
- MD5
  
  739fb34b4198aecdeeb8e2fe08c5bd02
- SHA1
  
  a9a83c219366c14ac229c5ada7c01c3979887612
- SHA256
  
  103669852071c157f5d4bac841cf13b3e7436124da68320cfbc05d4b98fba202
- SHA512
  
  1b8db8180de6eda182938f242b4ddc087be89d64a5c8a6c405e054b02aa89b18ef6d35c26d8b21489927cb60e3d43395e196a35451536d57a7c99e7965c0897d
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy