sakula | 0a73891bdc4d9f25fb9d8aa27aef0ed474a5fbac2b435dc12ed7792d8bbe5947 | Triage

Submit
Reports

Overview

overview

Static

static

0a73891bdc...47.exe

windows7_x64

0a73891bdc...47.exe

windows10-2004_x64

Sharing

General

Target

0a73891bdc4d9f25fb9d8aa27aef0ed474a5fbac2b435dc12ed7792d8bbe5947
Size

36KB
Sample

220212-k94y2scbdj
MD5

2f10a10bf45d5fee3a06552108a2bb27
SHA1

f40241e24e32a54127e2e21892dec873d009dfd4
SHA256

0a73891bdc4d9f25fb9d8aa27aef0ed474a5fbac2b435dc12ed7792d8bbe5947
SHA512

048b8c6a0d0a90909ae7e97c749d41509ac49132eaa4126a2d48be0dcc66ba99119dc323f2bbaf1853ccd40a90c240c2c76eed8e7385cf4e54662f9be1b72c87

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

0a73891bdc4d9f25fb9d8aa27aef0ed474a5fbac2b435dc12ed7792d8bbe5947.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0a73891bdc4d9f25fb9d8aa27aef0ed474a5fbac2b435dc12ed7792d8bbe5947.exe

Resource

win10v2004-en-20220112

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0a73891bdc4d9f25fb9d8aa27aef0ed474a5fbac2b435dc12ed7792d8bbe5947
- Size
  
  36KB
- MD5
  
  2f10a10bf45d5fee3a06552108a2bb27
- SHA1
  
  f40241e24e32a54127e2e21892dec873d009dfd4
- SHA256
  
  0a73891bdc4d9f25fb9d8aa27aef0ed474a5fbac2b435dc12ed7792d8bbe5947
- SHA512
  
  048b8c6a0d0a90909ae7e97c749d41509ac49132eaa4126a2d48be0dcc66ba99119dc323f2bbaf1853ccd40a90c240c2c76eed8e7385cf4e54662f9be1b72c87
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy