sakula | 000b6be645453e2024c132ba4c1ed69f6c773b5592ddf70c457ee106c03df89f | Triage

Submit
Reports

Overview

overview

Static

static

000b6be645...9f.exe

windows7_x64

000b6be645...9f.exe

windows10-2004_x64

Sharing

General

Target

000b6be645453e2024c132ba4c1ed69f6c773b5592ddf70c457ee106c03df89f
Size

58KB
Sample

220212-p44tbaecdj
MD5

76dd0fa7cc53a03d01117bb406180a80
SHA1

756c6bddc687286bd00a812e4e37d192da7ea8cb
SHA256

000b6be645453e2024c132ba4c1ed69f6c773b5592ddf70c457ee106c03df89f
SHA512

6d3e0c0bf67575c6bb97b2f1bcbbbf5f1a33465de1278a31aaeb7de111458659266cde61c58346ed8f3321f8db093624a6b6d1e2f234af01cbcdc8fa3a4a6ca8

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

000b6be645453e2024c132ba4c1ed69f6c773b5592ddf70c457ee106c03df89f.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

000b6be645453e2024c132ba4c1ed69f6c773b5592ddf70c457ee106c03df89f.exe

Resource

win10v2004-en-20220112

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  000b6be645453e2024c132ba4c1ed69f6c773b5592ddf70c457ee106c03df89f
- Size
  
  58KB
- MD5
  
  76dd0fa7cc53a03d01117bb406180a80
- SHA1
  
  756c6bddc687286bd00a812e4e37d192da7ea8cb
- SHA256
  
  000b6be645453e2024c132ba4c1ed69f6c773b5592ddf70c457ee106c03df89f
- SHA512
  
  6d3e0c0bf67575c6bb97b2f1bcbbbf5f1a33465de1278a31aaeb7de111458659266cde61c58346ed8f3321f8db093624a6b6d1e2f234af01cbcdc8fa3a4a6ca8
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy