sakula | 111e680556a2d906d58bfbf452d7fd1197b1f22b5223c7a3a33b4a435b4c7e84 | Triage

Submit
Reports

Overview

overview

Static

static

111e680556...84.exe

windows7_x64

111e680556...84.exe

windows10-2004_x64

Sharing

General

Target

111e680556a2d906d58bfbf452d7fd1197b1f22b5223c7a3a33b4a435b4c7e84
Size

99KB
Sample

220212-gqt3ysgge7
MD5

c7b452a2e2a9aeeb1bb2b5096a50df08
SHA1

3773fc12c9d6de7b7112853cf3eed490588f3f1a
SHA256

111e680556a2d906d58bfbf452d7fd1197b1f22b5223c7a3a33b4a435b4c7e84
SHA512

4be5f55f7a39c4916d3e65433c5a7d11eee991ae98afb56999102cb90f2ffc3c11b45e84667a0118519e59ad961487fb8c6eca267da51b0bcafba640e4d03208

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

111e680556a2d906d58bfbf452d7fd1197b1f22b5223c7a3a33b4a435b4c7e84.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

111e680556a2d906d58bfbf452d7fd1197b1f22b5223c7a3a33b4a435b4c7e84.exe

Resource

win10v2004-en-20220113

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  111e680556a2d906d58bfbf452d7fd1197b1f22b5223c7a3a33b4a435b4c7e84
- Size
  
  99KB
- MD5
  
  c7b452a2e2a9aeeb1bb2b5096a50df08
- SHA1
  
  3773fc12c9d6de7b7112853cf3eed490588f3f1a
- SHA256
  
  111e680556a2d906d58bfbf452d7fd1197b1f22b5223c7a3a33b4a435b4c7e84
- SHA512
  
  4be5f55f7a39c4916d3e65433c5a7d11eee991ae98afb56999102cb90f2ffc3c11b45e84667a0118519e59ad961487fb8c6eca267da51b0bcafba640e4d03208
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy