sakula | c6615109a2d852b8df0b15a7923177617cea8906aec56409e2b7efca9251c261 | Triage

Submit
Reports

Overview

overview

Static

static

3

c6615109a2...1N.exe

windows7-x64

c6615109a2...1N.exe

windows10-2004-x64

Sharing

General

Target

c6615109a2d852b8df0b15a7923177617cea8906aec56409e2b7efca9251c261N
Size

35KB
Sample

241022-hfvgeavbjp
MD5

127d545fa728a7e0bf0d0138e62401a0
SHA1

dc920add81c15bf79ae4c3aaeea636d06678e5ff
SHA256

c6615109a2d852b8df0b15a7923177617cea8906aec56409e2b7efca9251c261
SHA512

68fa8c8a549502fee63e0ec572b51a4f3c495efa66460cce2bdeff694867eaefd7322b4a76d12bfe08bf49709259f5a8d3ef6b71b1357ca34ee9f58b81856eac
SSDEEP

768:qwbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647Dt:qwbYP4nuEApQK4TQbtY2gA9DX+ytBOj

Score

10^/10

sakula discovery persistence rat trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c6615109a2d852b8df0b15a7923177617cea8906aec56409e2b7efca9251c261N.exe

Resource

win7-20240903-en

sakula discovery persistence rat trojan

windows7-x64

12 signatures

120 seconds

Behavioral task

behavioral2

Sample

c6615109a2d852b8df0b15a7923177617cea8906aec56409e2b7efca9251c261N.exe

Resource

win10v2004-20241007-en

sakula discovery persistence rat trojan

windows10-2004-x64

11 signatures

120 seconds

Malware Config

Targets

- Target
  
  c6615109a2d852b8df0b15a7923177617cea8906aec56409e2b7efca9251c261N
- Size
  
  35KB
- MD5
  
  127d545fa728a7e0bf0d0138e62401a0
- SHA1
  
  dc920add81c15bf79ae4c3aaeea636d06678e5ff
- SHA256
  
  c6615109a2d852b8df0b15a7923177617cea8906aec56409e2b7efca9251c261
- SHA512
  
  68fa8c8a549502fee63e0ec572b51a4f3c495efa66460cce2bdeff694867eaefd7322b4a76d12bfe08bf49709259f5a8d3ef6b71b1357ca34ee9f58b81856eac
- SSDEEP
  
  768:qwbYGCv4nuEcJpQK4TQbtKvXwXgA9lJJea+yGCJQqeWnAEv2647Dt:qwbYP4nuEApQK4TQbtY2gA9DX+ytBOj
Score

10^/10

sakula discovery persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakuladiscoverypersistencerattrojan

behavioral2

sakuladiscoverypersistencerattrojan

© 2018-2024

Terms | Privacy