sakula | 995e26d3c24d06f40dd6771fa55d0127639a50e59249c593cb21ee3ea9401cfa | Triage

Submit
Reports

Overview

overview

Static

static

995e26d3c2...fa.exe

windows7_x64

995e26d3c2...fa.exe

windows10_x64

995e26d3c2...fa.exe

windows10-2004_x64

Resubmissions

24-02-2022 11:09

220224-m9mqwaebep 10

29-09-2021 06:53

210929-hnnc3aeabr 8

Sharing

General

Target

995e26d3c24d06f40dd6771fa55d0127639a50e59249c593cb21ee3ea9401cfa
Size

4.5MB
Sample

220224-m9mqwaebep
MD5

ccdb023db49ef98e92bc4e52fd5d7bec
SHA1

704fe7f943331a69984527e50d3ab1823e111f4b
SHA256

995e26d3c24d06f40dd6771fa55d0127639a50e59249c593cb21ee3ea9401cfa
SHA512

4ce111297c6cdff1377d6eaa9069318ffd7845a4e91ec9bb01488cdef70c5ef292dcb7bb40fff76ff081eaff87e32632bdd4227f0f7c853857da0de4b52e1d29

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

995e26d3c24d06f40dd6771fa55d0127639a50e59249c593cb21ee3ea9401cfa.exe

Resource

win7-20220223-en

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

995e26d3c24d06f40dd6771fa55d0127639a50e59249c593cb21ee3ea9401cfa.exe

Resource

win10-en-20211208

sakula persistence rat trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

995e26d3c24d06f40dd6771fa55d0127639a50e59249c593cb21ee3ea9401cfa.exe

Resource

win10v2004-en-20220113

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  995e26d3c24d06f40dd6771fa55d0127639a50e59249c593cb21ee3ea9401cfa
- Size
  
  4.5MB
- MD5
  
  ccdb023db49ef98e92bc4e52fd5d7bec
- SHA1
  
  704fe7f943331a69984527e50d3ab1823e111f4b
- SHA256
  
  995e26d3c24d06f40dd6771fa55d0127639a50e59249c593cb21ee3ea9401cfa
- SHA512
  
  4ce111297c6cdff1377d6eaa9069318ffd7845a4e91ec9bb01488cdef70c5ef292dcb7bb40fff76ff081eaff87e32632bdd4227f0f7c853857da0de4b52e1d29
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

behavioral3

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy