sakula | 2312900294b883daeb6d3b617afe2f97e9b920fb2e0f604b4b3c53cbc54c9b26 | Triage

Submit
Reports

Overview

overview

Static

static

2312900294...26.exe

windows7-x64

2312900294...26.exe

windows10-2004-x64

Sharing

General

Target

2312900294b883daeb6d3b617afe2f97e9b920fb2e0f604b4b3c53cbc54c9b26
Size

100KB
Sample

240408-x429gshf24
MD5

0635b48b4b46250f1c9ddf3f426f3cab
SHA1

03e2706dda83ea35edd57cbfd8f0b389b734cc53
SHA256

2312900294b883daeb6d3b617afe2f97e9b920fb2e0f604b4b3c53cbc54c9b26
SHA512

43d37090974913d1769d7a75a3cb544e2567a12bd4f09c61ac2a3aa4d6f8898b14e912770e5b36e47c82a65b0660d0ac7f502e26e5d8c76bd54410bce093f16a
SSDEEP

1536:Zoaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrJxl:K0hpgz6xGhZamyF30BNxl

Score

10^/10

sakula persistence rat trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

2312900294b883daeb6d3b617afe2f97e9b920fb2e0f604b4b3c53cbc54c9b26.exe

Resource

win7-20231129-en

sakula persistence rat trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2312900294b883daeb6d3b617afe2f97e9b920fb2e0f604b4b3c53cbc54c9b26.exe

Resource

win10v2004-20240226-en

sakula persistence rat trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  2312900294b883daeb6d3b617afe2f97e9b920fb2e0f604b4b3c53cbc54c9b26
- Size
  
  100KB
- MD5
  
  0635b48b4b46250f1c9ddf3f426f3cab
- SHA1
  
  03e2706dda83ea35edd57cbfd8f0b389b734cc53
- SHA256
  
  2312900294b883daeb6d3b617afe2f97e9b920fb2e0f604b4b3c53cbc54c9b26
- SHA512
  
  43d37090974913d1769d7a75a3cb544e2567a12bd4f09c61ac2a3aa4d6f8898b14e912770e5b36e47c82a65b0660d0ac7f502e26e5d8c76bd54410bce093f16a
- SSDEEP
  
  1536:Zoaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrJxl:K0hpgz6xGhZamyF30BNxl
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula payload
- Detects executables built or packed with MPress PE compressor
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2024

Terms | Privacy