sakula | 9c700bf9ff9ea32de3a3d7d271d3d831300e2ee831377862ae0f13c106a685e4 | Triage

Submit
Reports

Overview

overview

Static

static

9c700bf9ff...e4.exe

windows7-x64

9c700bf9ff...e4.exe

windows10-2004-x64

Sharing

General

Target

9c700bf9ff9ea32de3a3d7d271d3d831300e2ee831377862ae0f13c106a685e4
Size

880KB
Sample

221023-p7ectsadhr
MD5

a797530d5a54110837d50f65000a63dc
SHA1

113e8b42107c02cfb414b0a967b867745377d2b3
SHA256

9c700bf9ff9ea32de3a3d7d271d3d831300e2ee831377862ae0f13c106a685e4
SHA512

26d1822b44ae7bf2524aee01a209c9c73d9469101d8b1c9724cc42b61f771a470d80f6a128c7916c12012fbcbef61a5db3fd6c419a3b21b8082ff916aee9c3d2
SSDEEP

12288:0RfQn+w8EYiBlMkn5f9J105ko8T6csV5f1bYQog9hVn4Q:g4+wlYBsb3zNs5f1bYInVn4Q

Score

10^/10

sakula persistence rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9c700bf9ff9ea32de3a3d7d271d3d831300e2ee831377862ae0f13c106a685e4.exe

Resource

win7-20220812-en

sakula persistence rat trojan

windows7-x64

6 signatures

10 seconds

Behavioral task

behavioral2

Sample

9c700bf9ff9ea32de3a3d7d271d3d831300e2ee831377862ae0f13c106a685e4.exe

Resource

win10v2004-20220812-en

sakula persistence rat trojan

windows10-2004-x64

5 signatures

10 seconds

Malware Config

Targets

- Target
  
  9c700bf9ff9ea32de3a3d7d271d3d831300e2ee831377862ae0f13c106a685e4
- Size
  
  880KB
- MD5
  
  a797530d5a54110837d50f65000a63dc
- SHA1
  
  113e8b42107c02cfb414b0a967b867745377d2b3
- SHA256
  
  9c700bf9ff9ea32de3a3d7d271d3d831300e2ee831377862ae0f13c106a685e4
- SHA512
  
  26d1822b44ae7bf2524aee01a209c9c73d9469101d8b1c9724cc42b61f771a470d80f6a128c7916c12012fbcbef61a5db3fd6c419a3b21b8082ff916aee9c3d2
- SSDEEP
  
  12288:0RfQn+w8EYiBlMkn5f9J105ko8T6csV5f1bYQog9hVn4Q:g4+wlYBsb3zNs5f1bYInVn4Q
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy