sakula | 8df10a1c1f6072515a6155734ca71184e71deea8988e614d5135997fa54ea5ee | Triage

Submit
Reports

Overview

overview

Static

static

easy_Malic...6c.exe

windows7-x64

easy_Malic...6c.exe

windows10-2004-x64

Sharing

General

Target

easy_Malicious_1941f839ec28e90940c0e950f60c0c9b254bf30ed30b2f9d83a644239c01f96c.exe
Size

109KB
Sample

230704-stc5dseg27
MD5

9e01a52b56d80a49feac8a7849539069
SHA1

868857c5ec1600956cc955e65cad9dc1c1555f1e
SHA256

8df10a1c1f6072515a6155734ca71184e71deea8988e614d5135997fa54ea5ee
SHA512

9297319fc893a570c29eb92a27a7b3d9abad7a32ba25edb866971e39991993ad904f6210763ec25881f12c65d68e2d92206daccbb2fc3c46f0e7e436d916f1a0
SSDEEP

3072:529DkEGRxixVSjLXt+rl30BXqqqqLkCakCW:529qRsVSndg30BXqqqqPCW

Score

10^/10

sakula persistence rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

easy_Malicious_1941f839ec28e90940c0e950f60c0c9b254bf30ed30b2f9d83a644239c01f96c.exe

Resource

win7-20230703-en

sakula persistence rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

easy_Malicious_1941f839ec28e90940c0e950f60c0c9b254bf30ed30b2f9d83a644239c01f96c.exe

Resource

win10v2004-20230621-en

sakula persistence rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

- Target
  
  easy_Malicious_1941f839ec28e90940c0e950f60c0c9b254bf30ed30b2f9d83a644239c01f96c.exe
- Size
  
  109KB
- MD5
  
  9e01a52b56d80a49feac8a7849539069
- SHA1
  
  868857c5ec1600956cc955e65cad9dc1c1555f1e
- SHA256
  
  8df10a1c1f6072515a6155734ca71184e71deea8988e614d5135997fa54ea5ee
- SHA512
  
  9297319fc893a570c29eb92a27a7b3d9abad7a32ba25edb866971e39991993ad904f6210763ec25881f12c65d68e2d92206daccbb2fc3c46f0e7e436d916f1a0
- SSDEEP
  
  3072:529DkEGRxixVSjLXt+rl30BXqqqqLkCakCW:529qRsVSndg30BXqqqqPCW
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy