sakula | 34d77df16932f4fd1470e2f9166ce95c1d4999a8b6cc988c4b711ca14fa51d0b | Triage

Submit
Reports

Overview

overview

Static

static

34d77df169...0b.exe

windows7_x64

34d77df169...0b.exe

windows10-2004_x64

Sharing

General

Target

34d77df16932f4fd1470e2f9166ce95c1d4999a8b6cc988c4b711ca14fa51d0b
Size

60KB
Sample

220619-ykh7yachh4
MD5

c1d9b7d1050c4057b23fc7d72e12c9ab
SHA1

2d5a7183c81096fbd8ef15db19c54301888c068d
SHA256

34d77df16932f4fd1470e2f9166ce95c1d4999a8b6cc988c4b711ca14fa51d0b
SHA512

44b70795ad63795cf41b8c19d4966477b5debeedc21d8364f492b4291a4220d41423cad867131dfaaa9849d7c9ed12a1e696c076ecec6fa4d8ecb888980c9bb5

Score

10^/10

sakula persistence rat trojan

Static task

static1

Behavioral task

behavioral1

Sample

34d77df16932f4fd1470e2f9166ce95c1d4999a8b6cc988c4b711ca14fa51d0b.exe

Resource

win7-20220414-en

sakula persistence rat trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

34d77df16932f4fd1470e2f9166ce95c1d4999a8b6cc988c4b711ca14fa51d0b.exe

Resource

win10v2004-20220414-en

sakula persistence rat trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  34d77df16932f4fd1470e2f9166ce95c1d4999a8b6cc988c4b711ca14fa51d0b
- Size
  
  60KB
- MD5
  
  c1d9b7d1050c4057b23fc7d72e12c9ab
- SHA1
  
  2d5a7183c81096fbd8ef15db19c54301888c068d
- SHA256
  
  34d77df16932f4fd1470e2f9166ce95c1d4999a8b6cc988c4b711ca14fa51d0b
- SHA512
  
  44b70795ad63795cf41b8c19d4966477b5debeedc21d8364f492b4291a4220d41423cad867131dfaaa9849d7c9ed12a1e696c076ecec6fa4d8ecb888980c9bb5
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula Payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy