sakula | 09bf216750318e4fd27b8d94763e2a4ca098476947df47011d7fe2c9b7f83f39 | Triage

Submit
Reports

Overview

overview

Static

static

09bf216750...39.exe

windows7_x64

09bf216750...39.exe

windows10-2004_x64

Sharing

General

Target

09bf216750318e4fd27b8d94763e2a4ca098476947df47011d7fe2c9b7f83f39
Size

79KB
Sample

220212-lhv3haccdk
MD5

e5c8aa28fe123293080764b546ef87a0
SHA1

d69a5eb97c8b205037ffb2f477d7968fb2519b4a
SHA256

09bf216750318e4fd27b8d94763e2a4ca098476947df47011d7fe2c9b7f83f39
SHA512

0762f3e7ee3728190d06e7fbeb1b8e5e76726b1c6049bceaa26f73158c81a1a0750d83de02dd462abf21f79277ad4235b1f088bca5329b8e14d93efc1273f95b

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

09bf216750318e4fd27b8d94763e2a4ca098476947df47011d7fe2c9b7f83f39.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

09bf216750318e4fd27b8d94763e2a4ca098476947df47011d7fe2c9b7f83f39.exe

Resource

win10v2004-en-20220113

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  09bf216750318e4fd27b8d94763e2a4ca098476947df47011d7fe2c9b7f83f39
- Size
  
  79KB
- MD5
  
  e5c8aa28fe123293080764b546ef87a0
- SHA1
  
  d69a5eb97c8b205037ffb2f477d7968fb2519b4a
- SHA256
  
  09bf216750318e4fd27b8d94763e2a4ca098476947df47011d7fe2c9b7f83f39
- SHA512
  
  0762f3e7ee3728190d06e7fbeb1b8e5e76726b1c6049bceaa26f73158c81a1a0750d83de02dd462abf21f79277ad4235b1f088bca5329b8e14d93efc1273f95b
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy