sakula | 11b24ec00fe4359c9539b07ea13cabc13e31de4ee5c64cfb6f0550c8d3e994a3 | Triage

Submit
Reports

Overview

overview

Static

static

11b24ec00f...a3.exe

windows7_x64

11b24ec00f...a3.exe

windows10-2004_x64

Sharing

General

Target

11b24ec00fe4359c9539b07ea13cabc13e31de4ee5c64cfb6f0550c8d3e994a3
Size

101KB
Sample

220212-ggzl3sacdl
MD5

d0ffcae0e2613c07b8772d301eac75c4
SHA1

20d88b2be69ea260965b98e214221d64fa65595b
SHA256

11b24ec00fe4359c9539b07ea13cabc13e31de4ee5c64cfb6f0550c8d3e994a3
SHA512

5c0cc160de3ccba08f0f4c3fc23b8250f216e7df6e37cb488b7184fa5fb4b1ed83f9be7ae5766b76755cc7150ca5b3469bc9c68e67b2b57f4d61dd9bde027689

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

11b24ec00fe4359c9539b07ea13cabc13e31de4ee5c64cfb6f0550c8d3e994a3.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

11b24ec00fe4359c9539b07ea13cabc13e31de4ee5c64cfb6f0550c8d3e994a3.exe

Resource

win10v2004-en-20220113

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  11b24ec00fe4359c9539b07ea13cabc13e31de4ee5c64cfb6f0550c8d3e994a3
- Size
  
  101KB
- MD5
  
  d0ffcae0e2613c07b8772d301eac75c4
- SHA1
  
  20d88b2be69ea260965b98e214221d64fa65595b
- SHA256
  
  11b24ec00fe4359c9539b07ea13cabc13e31de4ee5c64cfb6f0550c8d3e994a3
- SHA512
  
  5c0cc160de3ccba08f0f4c3fc23b8250f216e7df6e37cb488b7184fa5fb4b1ed83f9be7ae5766b76755cc7150ca5b3469bc9c68e67b2b57f4d61dd9bde027689
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy