sakula | 919b7ab3ae3534b5f996d231b269f9d1e72830a17d96cd350ce320c3ad5cd6aa | Triage

Sharing

General

Target

NEAS.b7f5edce3547da45966a78dea9d6ba90_JC.exe
Size

38KB
Sample

231027-bz3hsscf44
MD5

b7f5edce3547da45966a78dea9d6ba90
SHA1

85ad447a9456a5ec344ea6b6557722904d5497f0
SHA256

919b7ab3ae3534b5f996d231b269f9d1e72830a17d96cd350ce320c3ad5cd6aa
SHA512

a9d6db8cef21464008d078d5e042899a26046fb3ff88d253be341d02100bcebf55e5b18f6858ee9d75a9620a2a76817c5105c92eb991f2a6036d927b8ed2f74f
SSDEEP

768:u7Xezc/T6Zp14hyYtoVxYF9mHF1yD3BmNV5:a6zqhyYtkYWI3Bm

Score

10^/10

sakula persistence rat trojan

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

- Target
  
  NEAS.b7f5edce3547da45966a78dea9d6ba90_JC.exe
- Size
  
  38KB
- MD5
  
  b7f5edce3547da45966a78dea9d6ba90
- SHA1
  
  85ad447a9456a5ec344ea6b6557722904d5497f0
- SHA256
  
  919b7ab3ae3534b5f996d231b269f9d1e72830a17d96cd350ce320c3ad5cd6aa
- SHA512
  
  a9d6db8cef21464008d078d5e042899a26046fb3ff88d253be341d02100bcebf55e5b18f6858ee9d75a9620a2a76817c5105c92eb991f2a6036d927b8ed2f74f
- SSDEEP
  
  768:u7Xezc/T6Zp14hyYtoVxYF9mHF1yD3BmNV5:a6zqhyYtkYWI3Bm
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan