sakula | 04c1bceed5bfd40362e0c91559d3e22a0dc0eacb6204f689dcdeaa4e1d3d481d | Triage

Submit
Reports

Overview

overview

Static

static

04c1bceed5...1d.exe

windows7_x64

04c1bceed5...1d.exe

windows10-2004_x64

Sharing

General

Target

04c1bceed5bfd40362e0c91559d3e22a0dc0eacb6204f689dcdeaa4e1d3d481d
Size

92KB
Sample

220212-nd9q7sbfe6
MD5

1f8639e4ab9e4d718a75309868e82df8
SHA1

8a2c65c0590e0544e94147a52d4fe17d411e5574
SHA256

04c1bceed5bfd40362e0c91559d3e22a0dc0eacb6204f689dcdeaa4e1d3d481d
SHA512

9bba3dc1ece9dd02f59be606782f58f36b3ad71d42a4a2118fd3ac25eb1158e7569a153d65742c7775789aee417c7ba0e43ed775e84815bad7571b06d6e0a55c

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

04c1bceed5bfd40362e0c91559d3e22a0dc0eacb6204f689dcdeaa4e1d3d481d.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

04c1bceed5bfd40362e0c91559d3e22a0dc0eacb6204f689dcdeaa4e1d3d481d.exe

Resource

win10v2004-en-20220112

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  04c1bceed5bfd40362e0c91559d3e22a0dc0eacb6204f689dcdeaa4e1d3d481d
- Size
  
  92KB
- MD5
  
  1f8639e4ab9e4d718a75309868e82df8
- SHA1
  
  8a2c65c0590e0544e94147a52d4fe17d411e5574
- SHA256
  
  04c1bceed5bfd40362e0c91559d3e22a0dc0eacb6204f689dcdeaa4e1d3d481d
- SHA512
  
  9bba3dc1ece9dd02f59be606782f58f36b3ad71d42a4a2118fd3ac25eb1158e7569a153d65742c7775789aee417c7ba0e43ed775e84815bad7571b06d6e0a55c
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy