sakula | 01ec9fd8625be6f43ef086441d1e08ba6fd0ddf093383e4488287bc8c1cad2c2 | Triage

Submit
Reports

Overview

overview

Static

static

01ec9fd862...c2.exe

windows7_x64

01ec9fd862...c2.exe

windows10-2004_x64

Sharing

General

Target

01ec9fd8625be6f43ef086441d1e08ba6fd0ddf093383e4488287bc8c1cad2c2
Size

80KB
Sample

220212-pgzabadhfk
MD5

c81e526c5c1fda71c660d65519ab2732
SHA1

a79a683ac5df1b0a43bf5b41a31b78a6de9e27ae
SHA256

01ec9fd8625be6f43ef086441d1e08ba6fd0ddf093383e4488287bc8c1cad2c2
SHA512

b80f220beaaec6061223026d3ba3a68932fcd2aaf1d3d65710c5d9130e63b7e1ea6bed65339ff7a925d210e529698bb1e7aecf4a105369e40c33cedb2285fad6

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

01ec9fd8625be6f43ef086441d1e08ba6fd0ddf093383e4488287bc8c1cad2c2.exe

Resource

win7-en-20211208

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

01ec9fd8625be6f43ef086441d1e08ba6fd0ddf093383e4488287bc8c1cad2c2.exe

Resource

win10v2004-en-20220112

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  01ec9fd8625be6f43ef086441d1e08ba6fd0ddf093383e4488287bc8c1cad2c2
- Size
  
  80KB
- MD5
  
  c81e526c5c1fda71c660d65519ab2732
- SHA1
  
  a79a683ac5df1b0a43bf5b41a31b78a6de9e27ae
- SHA256
  
  01ec9fd8625be6f43ef086441d1e08ba6fd0ddf093383e4488287bc8c1cad2c2
- SHA512
  
  b80f220beaaec6061223026d3ba3a68932fcd2aaf1d3d65710c5d9130e63b7e1ea6bed65339ff7a925d210e529698bb1e7aecf4a105369e40c33cedb2285fad6
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy