sakula | 0a41ae6f283653d856fc2442d566f55080bf364d1d94dff663ee39fdacaa54a1 | Triage

Submit
Reports

Overview

overview

Static

static

0a41ae6f28...a1.exe

windows7_x64

0a41ae6f28...a1.exe

windows10-2004_x64

Sharing

General

Target

0a41ae6f283653d856fc2442d566f55080bf364d1d94dff663ee39fdacaa54a1
Size

216KB
Sample

220212-lcavdaaee9
MD5

b8e207a33688f3b6ae451a0963159277
SHA1

008f5add4f3f0a6010c52e96f3ac268f70c02b4c
SHA256

0a41ae6f283653d856fc2442d566f55080bf364d1d94dff663ee39fdacaa54a1
SHA512

b9c7befd99419ce77fb915cb6b17dcef4d110bd7682c191f6304c0afce5c4a63d0c2fb1a545b59510477e19e0dfc17da818545efa2b005c0e98f9c51e7badf76

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

0a41ae6f283653d856fc2442d566f55080bf364d1d94dff663ee39fdacaa54a1.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0a41ae6f283653d856fc2442d566f55080bf364d1d94dff663ee39fdacaa54a1.exe

Resource

win10v2004-en-20220113

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0a41ae6f283653d856fc2442d566f55080bf364d1d94dff663ee39fdacaa54a1
- Size
  
  216KB
- MD5
  
  b8e207a33688f3b6ae451a0963159277
- SHA1
  
  008f5add4f3f0a6010c52e96f3ac268f70c02b4c
- SHA256
  
  0a41ae6f283653d856fc2442d566f55080bf364d1d94dff663ee39fdacaa54a1
- SHA512
  
  b9c7befd99419ce77fb915cb6b17dcef4d110bd7682c191f6304c0afce5c4a63d0c2fb1a545b59510477e19e0dfc17da818545efa2b005c0e98f9c51e7badf76
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy