sakula | 072be36b96f77f310525835b8c370e3c40a3d271867feb7358efa2e82f6a228b | Triage

Submit
Reports

Overview

overview

Static

static

072be36b96...8b.exe

windows7_x64

072be36b96...8b.exe

windows10-2004_x64

Sharing

General

Target

072be36b96f77f310525835b8c370e3c40a3d271867feb7358efa2e82f6a228b
Size

58KB
Sample

220212-mg6y2scgfp
MD5

2e312ef28b7663608e2ae5c9fd97d2cb
SHA1

40d9951c12f2b5558dd76ce575acaff5b4bf8e70
SHA256

072be36b96f77f310525835b8c370e3c40a3d271867feb7358efa2e82f6a228b
SHA512

2e5c6030d9f11c679f4c1e80ccf12696b6352cf13e90d9dd24923cdcdd7cc764160a6619cef41c479ead174844ef1d910b8af17b5371df77980f68fee6e33154

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

072be36b96f77f310525835b8c370e3c40a3d271867feb7358efa2e82f6a228b.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

072be36b96f77f310525835b8c370e3c40a3d271867feb7358efa2e82f6a228b.exe

Resource

win10v2004-en-20220112

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  072be36b96f77f310525835b8c370e3c40a3d271867feb7358efa2e82f6a228b
- Size
  
  58KB
- MD5
  
  2e312ef28b7663608e2ae5c9fd97d2cb
- SHA1
  
  40d9951c12f2b5558dd76ce575acaff5b4bf8e70
- SHA256
  
  072be36b96f77f310525835b8c370e3c40a3d271867feb7358efa2e82f6a228b
- SHA512
  
  2e5c6030d9f11c679f4c1e80ccf12696b6352cf13e90d9dd24923cdcdd7cc764160a6619cef41c479ead174844ef1d910b8af17b5371df77980f68fee6e33154
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy