sakula | 13d4d6d42f009d0da238938089c0ca3c6a49b465ba8650ea8b2cb1a003c9af27 | Triage

Submit
Reports

Overview

overview

Static

static

13d4d6d42f...27.exe

windows7-x64

13d4d6d42f...27.exe

windows10-2004-x64

Sharing

General

Target

13d4d6d42f009d0da238938089c0ca3c6a49b465ba8650ea8b2cb1a003c9af27
Size

101KB
Sample

221012-sw5bnahdfm
MD5

f96fcbf8a58763beb2d7da2d4d30459e
SHA1

0839a4442b9f4ccd10c8c66c8c585eec9fbd7def
SHA256

13d4d6d42f009d0da238938089c0ca3c6a49b465ba8650ea8b2cb1a003c9af27
SHA512

0fd67dc2a891ef94ff6d07443cfaa655e9f9b1ecd268dee699f89452f304c638711d3d2210ebb6c4bb1230f29b4b9a379738fcf4a0d4fa75372a8bbb35e678ab
SSDEEP

1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrfPTEzk:/bfVk29te2jqxCEtg30BLbEw

Score

10^/10

sakula persistence rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

13d4d6d42f009d0da238938089c0ca3c6a49b465ba8650ea8b2cb1a003c9af27.exe

Resource

win7-20220812-en

sakula persistence rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

13d4d6d42f009d0da238938089c0ca3c6a49b465ba8650ea8b2cb1a003c9af27.exe

Resource

win10v2004-20220812-en

sakula persistence rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  13d4d6d42f009d0da238938089c0ca3c6a49b465ba8650ea8b2cb1a003c9af27
- Size
  
  101KB
- MD5
  
  f96fcbf8a58763beb2d7da2d4d30459e
- SHA1
  
  0839a4442b9f4ccd10c8c66c8c585eec9fbd7def
- SHA256
  
  13d4d6d42f009d0da238938089c0ca3c6a49b465ba8650ea8b2cb1a003c9af27
- SHA512
  
  0fd67dc2a891ef94ff6d07443cfaa655e9f9b1ecd268dee699f89452f304c638711d3d2210ebb6c4bb1230f29b4b9a379738fcf4a0d4fa75372a8bbb35e678ab
- SSDEEP
  
  1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrfPTEzk:/bfVk29te2jqxCEtg30BLbEw
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula payload
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy