sakula | 047c1f56be81a530a11795ec5ab3c3c377dc5985662a4b34835f0594b0d83f83 | Triage

Submit
Reports

Overview

overview

Static

static

047c1f56be...83.exe

windows7_x64

047c1f56be...83.exe

windows10-2004_x64

Sharing

General

Target

047c1f56be81a530a11795ec5ab3c3c377dc5985662a4b34835f0594b0d83f83
Size

99KB
Sample

220212-nhxbnsddcn
MD5

061b48d096ffaf500370924e53bcb482
SHA1

bb56ee6ee7d726a78abda3ddbdd4eb9a3b6289c7
SHA256

047c1f56be81a530a11795ec5ab3c3c377dc5985662a4b34835f0594b0d83f83
SHA512

8c89d39166ae9469fe4f95fc434dde9cab5201a51e4cb382e857df9e663df3ae8f93d7441f91d154edcdd79710400e7b856123bbca3d1bc2b68621b5637e7a41

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

047c1f56be81a530a11795ec5ab3c3c377dc5985662a4b34835f0594b0d83f83.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

047c1f56be81a530a11795ec5ab3c3c377dc5985662a4b34835f0594b0d83f83.exe

Resource

win10v2004-en-20220113

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  047c1f56be81a530a11795ec5ab3c3c377dc5985662a4b34835f0594b0d83f83
- Size
  
  99KB
- MD5
  
  061b48d096ffaf500370924e53bcb482
- SHA1
  
  bb56ee6ee7d726a78abda3ddbdd4eb9a3b6289c7
- SHA256
  
  047c1f56be81a530a11795ec5ab3c3c377dc5985662a4b34835f0594b0d83f83
- SHA512
  
  8c89d39166ae9469fe4f95fc434dde9cab5201a51e4cb382e857df9e663df3ae8f93d7441f91d154edcdd79710400e7b856123bbca3d1bc2b68621b5637e7a41
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy