sakula | 6b6c1d533920561ebfc89ce7657be981ec08b8b7aaab907866c900f44db7b7fb | Triage

Sharing

General

Target

NEAS.ea9771cc9b21b2390d684fed3eb5ae90.exe
Size

40KB
Sample

231103-n9t1maaa3v
MD5

ea9771cc9b21b2390d684fed3eb5ae90
SHA1

b3572c8a9ee0440a37092091ee8c3868a2b9a331
SHA256

6b6c1d533920561ebfc89ce7657be981ec08b8b7aaab907866c900f44db7b7fb
SHA512

33bc6ee6dd182b1ba001ba48081a1825299e9c9f355690ebbd55bd58b5647e52c13ec2ba638d244a64885febb512d7b07017a9fe3a7d1061cf59ba17a5ca173d
SSDEEP

768:q7Xezc/T6Zp14hyYtoVxYF9mHfCBJTAIO3OtYVW:G6zqhyYtkYW/CPnO3O

Score

10^/10

sakula persistence rat trojan

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

- Target
  
  NEAS.ea9771cc9b21b2390d684fed3eb5ae90.exe
- Size
  
  40KB
- MD5
  
  ea9771cc9b21b2390d684fed3eb5ae90
- SHA1
  
  b3572c8a9ee0440a37092091ee8c3868a2b9a331
- SHA256
  
  6b6c1d533920561ebfc89ce7657be981ec08b8b7aaab907866c900f44db7b7fb
- SHA512
  
  33bc6ee6dd182b1ba001ba48081a1825299e9c9f355690ebbd55bd58b5647e52c13ec2ba638d244a64885febb512d7b07017a9fe3a7d1061cf59ba17a5ca173d
- SSDEEP
  
  768:q7Xezc/T6Zp14hyYtoVxYF9mHfCBJTAIO3OtYVW:G6zqhyYtkYW/CPnO3O
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan