sakula | 028632c8efe9ccd50b46e7b99609679343e864cdb390e86e988cd4a0a5933811 | Triage

Submit
Reports

Overview

overview

Static

static

028632c8ef...11.exe

windows7_x64

028632c8ef...11.exe

windows10-2004_x64

Sharing

General

Target

028632c8efe9ccd50b46e7b99609679343e864cdb390e86e988cd4a0a5933811
Size

99KB
Sample

220212-n81f1sdgen
MD5

f26ed86a57cdc02819937eb27331a4c6
SHA1

2f7e0aa9fc12e35c8d470f65efd096b9318ea557
SHA256

028632c8efe9ccd50b46e7b99609679343e864cdb390e86e988cd4a0a5933811
SHA512

98c582994983f440f8c59aa864c408f0320bc367e25a28427d41ba2a41a0e7da7e9b8f88ada12c49944f9497bb9e7634eb0d655096ae2deb1e263256a06d43e1

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

028632c8efe9ccd50b46e7b99609679343e864cdb390e86e988cd4a0a5933811.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

028632c8efe9ccd50b46e7b99609679343e864cdb390e86e988cd4a0a5933811.exe

Resource

win10v2004-en-20220113

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  028632c8efe9ccd50b46e7b99609679343e864cdb390e86e988cd4a0a5933811
- Size
  
  99KB
- MD5
  
  f26ed86a57cdc02819937eb27331a4c6
- SHA1
  
  2f7e0aa9fc12e35c8d470f65efd096b9318ea557
- SHA256
  
  028632c8efe9ccd50b46e7b99609679343e864cdb390e86e988cd4a0a5933811
- SHA512
  
  98c582994983f440f8c59aa864c408f0320bc367e25a28427d41ba2a41a0e7da7e9b8f88ada12c49944f9497bb9e7634eb0d655096ae2deb1e263256a06d43e1
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy