sakula | 2806314b9ed9d7b909c866ed8dfe0cd745e5f0d0be520c3265383782ad0b67bb | Triage

Sharing

General

Target

NEAS.0f4523660b7d8c30dd68c3b765140730.exe
Size

72KB
Sample

231111-bqbcysea27
MD5

0f4523660b7d8c30dd68c3b765140730
SHA1

dd96c744fd1546c23b695e982ea11222cc5cf9b6
SHA256

2806314b9ed9d7b909c866ed8dfe0cd745e5f0d0be520c3265383782ad0b67bb
SHA512

b2de1c0f5449407f5944b863dae79d4d305f39d1b86dbef430f27dc04cf2e710ac2391b38792e3a6050e818fdc4e3221048233f2db2f014bbc01bbbc87bcec30
SSDEEP

768:q7Xezc/T6Zp14hyYtoVxYF9mHfCBJTAIO3OtYVW6QptwyG:G6zqhyYtkYW/CPnO3ajwyG

Score

10^/10

sakula persistence rat trojan

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

- Target
  
  NEAS.0f4523660b7d8c30dd68c3b765140730.exe
- Size
  
  72KB
- MD5
  
  0f4523660b7d8c30dd68c3b765140730
- SHA1
  
  dd96c744fd1546c23b695e982ea11222cc5cf9b6
- SHA256
  
  2806314b9ed9d7b909c866ed8dfe0cd745e5f0d0be520c3265383782ad0b67bb
- SHA512
  
  b2de1c0f5449407f5944b863dae79d4d305f39d1b86dbef430f27dc04cf2e710ac2391b38792e3a6050e818fdc4e3221048233f2db2f014bbc01bbbc87bcec30
- SSDEEP
  
  768:q7Xezc/T6Zp14hyYtoVxYF9mHfCBJTAIO3OtYVW6QptwyG:G6zqhyYtkYW/CPnO3ajwyG
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan