sakula | 09adc10f86805d09ea113f969fad1715622a166fcaf690933acaf9b3dcfcdfd3 | Triage

Submit
Reports

Overview

overview

Static

static

09adc10f86...d3.exe

windows7_x64

09adc10f86...d3.exe

windows10-2004_x64

Sharing

General

Target

09adc10f86805d09ea113f969fad1715622a166fcaf690933acaf9b3dcfcdfd3
Size

89KB
Sample

220212-ljkcdsafe9
MD5

ad2ba37d4a2bfd4d1dd02d0ebb74aa19
SHA1

5e96b3093f2c75ca95296a225a1f124458125edc
SHA256

09adc10f86805d09ea113f969fad1715622a166fcaf690933acaf9b3dcfcdfd3
SHA512

52090137c162664f03b7239867afcc44b17e3e6bdabb34cde9d22cf90d310e4e1bb35ccff5998e532ac3a04a1d57640da4dc5e15787f50e41c8f98ee537ecdb0

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

09adc10f86805d09ea113f969fad1715622a166fcaf690933acaf9b3dcfcdfd3.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

09adc10f86805d09ea113f969fad1715622a166fcaf690933acaf9b3dcfcdfd3.exe

Resource

win10v2004-en-20220112

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  09adc10f86805d09ea113f969fad1715622a166fcaf690933acaf9b3dcfcdfd3
- Size
  
  89KB
- MD5
  
  ad2ba37d4a2bfd4d1dd02d0ebb74aa19
- SHA1
  
  5e96b3093f2c75ca95296a225a1f124458125edc
- SHA256
  
  09adc10f86805d09ea113f969fad1715622a166fcaf690933acaf9b3dcfcdfd3
- SHA512
  
  52090137c162664f03b7239867afcc44b17e3e6bdabb34cde9d22cf90d310e4e1bb35ccff5998e532ac3a04a1d57640da4dc5e15787f50e41c8f98ee537ecdb0
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy