sakula | 10a34b893c70e6edcbd8ebf6bbda480024901bad28a7afcaaace77a4bfbe5de0 | Triage

Submit
Reports

Overview

overview

Static

static

10a34b893c...e0.exe

windows7_x64

10a34b893c...e0.exe

windows10-2004_x64

Sharing

General

Target

10a34b893c70e6edcbd8ebf6bbda480024901bad28a7afcaaace77a4bfbe5de0
Size

216KB
Sample

220212-gxte1aghc8
MD5

f490fd464dc4dce7a02c51b0e59d0c3f
SHA1

a2919988e81a217b97e5402d3efebf374876db4f
SHA256

10a34b893c70e6edcbd8ebf6bbda480024901bad28a7afcaaace77a4bfbe5de0
SHA512

785e1eb7c5f2c80ee95b405cd3a916906019924e914a866ce454d351cdd142f48a69141acf32c8b9623d36e72c96acff309d07e9640daaa0caeaea85ec688d02

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

10a34b893c70e6edcbd8ebf6bbda480024901bad28a7afcaaace77a4bfbe5de0.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

10a34b893c70e6edcbd8ebf6bbda480024901bad28a7afcaaace77a4bfbe5de0.exe

Resource

win10v2004-en-20220113

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  10a34b893c70e6edcbd8ebf6bbda480024901bad28a7afcaaace77a4bfbe5de0
- Size
  
  216KB
- MD5
  
  f490fd464dc4dce7a02c51b0e59d0c3f
- SHA1
  
  a2919988e81a217b97e5402d3efebf374876db4f
- SHA256
  
  10a34b893c70e6edcbd8ebf6bbda480024901bad28a7afcaaace77a4bfbe5de0
- SHA512
  
  785e1eb7c5f2c80ee95b405cd3a916906019924e914a866ce454d351cdd142f48a69141acf32c8b9623d36e72c96acff309d07e9640daaa0caeaea85ec688d02
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy