sakula | 8408e2d947a8860350c89a2c2139c7af6515ddb9d0cc22be8c4112d732707785 | Triage

Submit
Reports

Overview

overview

Static

static

b41037a359...19.exe

windows7-x64

b41037a359...19.exe

windows10-2004-x64

Sharing

General

Target

b41037a3595ab3773a7c254751e1c319
Size

4.0MB
Sample

231220-pyv9zsecg5
MD5

b41037a3595ab3773a7c254751e1c319
SHA1

2b9ec9e5b4307c03534d16a86b2aa84b6f2cdc9c
SHA256

8408e2d947a8860350c89a2c2139c7af6515ddb9d0cc22be8c4112d732707785
SHA512

c9da642c063c49b98a8f3c2433a92425f8cec7e466afa0e06690366ba9fad73cc9ae1210d363bf92c3d59d216c99febce2a7e5b6e649616c6445a76fccbc24ba
SSDEEP

24576:DF9mrnE2Z1y/6oTNBZrBEu8C7jnIQCwRO/wTGS5DBMYf:DD2Z1qT3Zz888QCwRO/wT/aYf

Score

10^/10

sakula persistence rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

b41037a3595ab3773a7c254751e1c319.exe

Resource

win7-20231129-en

sakula persistence rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

b41037a3595ab3773a7c254751e1c319.exe

Resource

win10v2004-20231215-en

sakula persistence rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  b41037a3595ab3773a7c254751e1c319
- Size
  
  4.0MB
- MD5
  
  b41037a3595ab3773a7c254751e1c319
- SHA1
  
  2b9ec9e5b4307c03534d16a86b2aa84b6f2cdc9c
- SHA256
  
  8408e2d947a8860350c89a2c2139c7af6515ddb9d0cc22be8c4112d732707785
- SHA512
  
  c9da642c063c49b98a8f3c2433a92425f8cec7e466afa0e06690366ba9fad73cc9ae1210d363bf92c3d59d216c99febce2a7e5b6e649616c6445a76fccbc24ba
- SSDEEP
  
  24576:DF9mrnE2Z1y/6oTNBZrBEu8C7jnIQCwRO/wTGS5DBMYf:DD2Z1qT3Zz888QCwRO/wT/aYf
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy