sakula | 26fc1f02e0b88017b99d811342a5b00753a944832fcf94b2a08b59065eeaa590 | Triage

Sharing

General

Target

NEAS.9a34b739c35e37e7bffa7e46b73a0b50.exe
Size

40KB
Sample

231111-gqw8badc24
MD5

9a34b739c35e37e7bffa7e46b73a0b50
SHA1

c0d7c30c0a973a501ef3365032607828a80ae2aa
SHA256

26fc1f02e0b88017b99d811342a5b00753a944832fcf94b2a08b59065eeaa590
SHA512

dcbb30236d5c4f76f124ac41507e51d5de37773f3a5b91223f6eba62015aba0b7305cfe6d875606d3ea3e10bebe7850c7b003873e95a6c973ab65c6362625b83
SSDEEP

768:q7Xezc/T6Zp14hyYtoVxYF9mHfCBJTAIO3OtYVo:G6zqhyYtkYW/CPnO3A

Score

10^/10

sakula persistence rat trojan

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

- Target
  
  NEAS.9a34b739c35e37e7bffa7e46b73a0b50.exe
- Size
  
  40KB
- MD5
  
  9a34b739c35e37e7bffa7e46b73a0b50
- SHA1
  
  c0d7c30c0a973a501ef3365032607828a80ae2aa
- SHA256
  
  26fc1f02e0b88017b99d811342a5b00753a944832fcf94b2a08b59065eeaa590
- SHA512
  
  dcbb30236d5c4f76f124ac41507e51d5de37773f3a5b91223f6eba62015aba0b7305cfe6d875606d3ea3e10bebe7850c7b003873e95a6c973ab65c6362625b83
- SSDEEP
  
  768:q7Xezc/T6Zp14hyYtoVxYF9mHfCBJTAIO3OtYVo:G6zqhyYtkYW/CPnO3A
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan