sakula | 057dca2bbf8baf262e9575959872191a524b865e0d985fbce95b583f4f629eb3 | Triage

Submit
Reports

Overview

overview

Static

static

057dca2bbf...b3.exe

windows7_x64

057dca2bbf...b3.exe

windows10-2004_x64

Sharing

General

Target

057dca2bbf8baf262e9575959872191a524b865e0d985fbce95b583f4f629eb3
Size

79KB
Sample

220212-m4tl8sbec8
MD5

be9cb7e9216eef4945ef7543cd22b42e
SHA1

3b48ffc566784d090015324d3ec8a5419c73309c
SHA256

057dca2bbf8baf262e9575959872191a524b865e0d985fbce95b583f4f629eb3
SHA512

088923b538f130397705a097200526eede8c230a8c16be54006b68fcfa1f58b0f5f24a9e18f85e6e0ab266d7d934edacaa7279a2463ea011dd4973bc86d420a6

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

057dca2bbf8baf262e9575959872191a524b865e0d985fbce95b583f4f629eb3.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

057dca2bbf8baf262e9575959872191a524b865e0d985fbce95b583f4f629eb3.exe

Resource

win10v2004-en-20220113

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  057dca2bbf8baf262e9575959872191a524b865e0d985fbce95b583f4f629eb3
- Size
  
  79KB
- MD5
  
  be9cb7e9216eef4945ef7543cd22b42e
- SHA1
  
  3b48ffc566784d090015324d3ec8a5419c73309c
- SHA256
  
  057dca2bbf8baf262e9575959872191a524b865e0d985fbce95b583f4f629eb3
- SHA512
  
  088923b538f130397705a097200526eede8c230a8c16be54006b68fcfa1f58b0f5f24a9e18f85e6e0ab266d7d934edacaa7279a2463ea011dd4973bc86d420a6
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy