sakula | 0e8f526630ad080d03dc596e79076e0fa9006a8c8ba0fa53336a700032ea15bc | Triage

Submit
Reports

Overview

overview

Static

static

0e8f526630...bc.exe

windows7_x64

0e8f526630...bc.exe

windows10-2004_x64

Sharing

General

Target

0e8f526630ad080d03dc596e79076e0fa9006a8c8ba0fa53336a700032ea15bc
Size

101KB
Sample

220212-hwzfasahck
MD5

7b0439c26e692a5edc474f82df20b82c
SHA1

73416fd5c707c7719082358f40a3d5598d54e037
SHA256

0e8f526630ad080d03dc596e79076e0fa9006a8c8ba0fa53336a700032ea15bc
SHA512

89b901f20b402f5899b0b4898a4bd205d91b88cea3b885636c6012f8387fe5ebd409a2c35a259e2e44f95c9d5044f79f7fc890a2f51c0a4a8a954313a8d66809

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

0e8f526630ad080d03dc596e79076e0fa9006a8c8ba0fa53336a700032ea15bc.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0e8f526630ad080d03dc596e79076e0fa9006a8c8ba0fa53336a700032ea15bc.exe

Resource

win10v2004-en-20220112

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0e8f526630ad080d03dc596e79076e0fa9006a8c8ba0fa53336a700032ea15bc
- Size
  
  101KB
- MD5
  
  7b0439c26e692a5edc474f82df20b82c
- SHA1
  
  73416fd5c707c7719082358f40a3d5598d54e037
- SHA256
  
  0e8f526630ad080d03dc596e79076e0fa9006a8c8ba0fa53336a700032ea15bc
- SHA512
  
  89b901f20b402f5899b0b4898a4bd205d91b88cea3b885636c6012f8387fe5ebd409a2c35a259e2e44f95c9d5044f79f7fc890a2f51c0a4a8a954313a8d66809
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy