sakula | 07d5d6f916da9da2e1d1add3eb927b4c5b89e093d41baecdff209e728ecab710 | Triage

Submit
Reports

Overview

overview

Static

static

07d5d6f916...10.exe

windows7-x64

07d5d6f916...10.exe

windows10-2004-x64

Sharing

General

Target

07d5d6f916da9da2e1d1add3eb927b4c5b89e093d41baecdff209e728ecab710
Size

212KB
Sample

230405-bnwwwaba87
MD5

2318575bbff6e228b9453eeb841ba952
SHA1

191e925300fe778355c91c14f6e95631cf94b831
SHA256

07d5d6f916da9da2e1d1add3eb927b4c5b89e093d41baecdff209e728ecab710
SHA512

8cb12fec7144cb2cad287dd34f82d92d853fb03ea2f82d795923a1c92dcf8361366f5bdfe5d7628b7cce3f5fc4aef8a185b569368aad08e4dc776667423a3b30
SSDEEP

1536:XcQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX++pLz30rtr8gjXjp0danBj:r29DkEGRQixVSjLc330BYgjXjpDnBj

Score

10^/10

sakula persistence rat trojan upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

07d5d6f916da9da2e1d1add3eb927b4c5b89e093d41baecdff209e728ecab710.exe

Resource

win7-20230220-en

sakula persistence rat trojan upx

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

07d5d6f916da9da2e1d1add3eb927b4c5b89e093d41baecdff209e728ecab710.exe

Resource

win10v2004-20230220-en

sakula persistence rat trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

- Target
  
  07d5d6f916da9da2e1d1add3eb927b4c5b89e093d41baecdff209e728ecab710
- Size
  
  212KB
- MD5
  
  2318575bbff6e228b9453eeb841ba952
- SHA1
  
  191e925300fe778355c91c14f6e95631cf94b831
- SHA256
  
  07d5d6f916da9da2e1d1add3eb927b4c5b89e093d41baecdff209e728ecab710
- SHA512
  
  8cb12fec7144cb2cad287dd34f82d92d853fb03ea2f82d795923a1c92dcf8361366f5bdfe5d7628b7cce3f5fc4aef8a185b569368aad08e4dc776667423a3b30
- SSDEEP
  
  1536:XcQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX++pLz30rtr8gjXjp0danBj:r29DkEGRQixVSjLc330BYgjXjpDnBj
Score

10^/10

sakula persistence rat trojan upx
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojanupx

behavioral2

sakulapersistencerattrojanupx

© 2018-2024

Terms | Privacy