sakula | 0735f6ade0963aa1ccdcc718b462c52a14387e0465d4986e7fb673e32f87a26f | Triage

Submit
Reports

Overview

overview

Static

static

0735f6ade0...6f.exe

windows7_x64

0735f6ade0...6f.exe

windows10-2004_x64

Sharing

General

Target

0735f6ade0963aa1ccdcc718b462c52a14387e0465d4986e7fb673e32f87a26f
Size

79KB
Sample

220212-mghw8abbe3
MD5

24f601d494ec38f0ada395f99249d05b
SHA1

e93e78d7a15d0d5572c53f41ca6a31b7df4f3ecf
SHA256

0735f6ade0963aa1ccdcc718b462c52a14387e0465d4986e7fb673e32f87a26f
SHA512

a5fedd7fe6377efc5c8078a843cf068f95ac367a725b6d590791f6a9539be1b8562fc74a8a976b3e41e224f7e118fbcb4f7f722088ab7937779a9ace134e3f3b

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

0735f6ade0963aa1ccdcc718b462c52a14387e0465d4986e7fb673e32f87a26f.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0735f6ade0963aa1ccdcc718b462c52a14387e0465d4986e7fb673e32f87a26f.exe

Resource

win10v2004-en-20220113

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0735f6ade0963aa1ccdcc718b462c52a14387e0465d4986e7fb673e32f87a26f
- Size
  
  79KB
- MD5
  
  24f601d494ec38f0ada395f99249d05b
- SHA1
  
  e93e78d7a15d0d5572c53f41ca6a31b7df4f3ecf
- SHA256
  
  0735f6ade0963aa1ccdcc718b462c52a14387e0465d4986e7fb673e32f87a26f
- SHA512
  
  a5fedd7fe6377efc5c8078a843cf068f95ac367a725b6d590791f6a9539be1b8562fc74a8a976b3e41e224f7e118fbcb4f7f722088ab7937779a9ace134e3f3b
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy