sakula | 0a490c2b49a7ecc9e5a84e2ec50ccd3b7a570daf629eafb8831a4ebf4e684153 | Triage

Submit
Reports

Overview

overview

Static

static

0a490c2b49...53.exe

windows7_x64

0a490c2b49...53.exe

windows10-2004_x64

Sharing

General

Target

0a490c2b49a7ecc9e5a84e2ec50ccd3b7a570daf629eafb8831a4ebf4e684153
Size

58KB
Sample

220212-lbvhdscbfm
MD5

6bc2cf16f200ad0b7458f4ef80ee85a4
SHA1

a15283bacc02be3b701b21353a0a105359ae22a6
SHA256

0a490c2b49a7ecc9e5a84e2ec50ccd3b7a570daf629eafb8831a4ebf4e684153
SHA512

f35105cd6fa9b0471c580fbff6aa61c240eae4dab49ac1391690b70989700c4ce2c838e18ca89206c63ed769797f14b2cdaf0a965d38c1df36a44a2961fed6af

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

0a490c2b49a7ecc9e5a84e2ec50ccd3b7a570daf629eafb8831a4ebf4e684153.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0a490c2b49a7ecc9e5a84e2ec50ccd3b7a570daf629eafb8831a4ebf4e684153.exe

Resource

win10v2004-en-20220112

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0a490c2b49a7ecc9e5a84e2ec50ccd3b7a570daf629eafb8831a4ebf4e684153
- Size
  
  58KB
- MD5
  
  6bc2cf16f200ad0b7458f4ef80ee85a4
- SHA1
  
  a15283bacc02be3b701b21353a0a105359ae22a6
- SHA256
  
  0a490c2b49a7ecc9e5a84e2ec50ccd3b7a570daf629eafb8831a4ebf4e684153
- SHA512
  
  f35105cd6fa9b0471c580fbff6aa61c240eae4dab49ac1391690b70989700c4ce2c838e18ca89206c63ed769797f14b2cdaf0a965d38c1df36a44a2961fed6af
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy