sakula | 5444f6432f1d82d11dcf35928e77cd69cc26287a08dad5c324a26adedf7a005a | Triage

Sharing

General

Target

13519583058.zip
Size

215KB
Sample

231213-t2fqxsfber
MD5

c6687162683f77a0f97c817fd7ba0b92
SHA1

42712c42db44200d7ce7b75ebe24fa96df538e9d
SHA256

5444f6432f1d82d11dcf35928e77cd69cc26287a08dad5c324a26adedf7a005a
SHA512

65a6f69c653e5c16cca9b5a2ae6230e048d872059e11cb5793d67db53f4004a42e2469d3610669cfc3d6a86a2211bf54fcb041e9a8ea2ac2d3bd6e70ddf92fec
SSDEEP

3072:/F0AltKlQlxElKEisGITCJtKbT5vhvoPvuUnXAWuyJHcWK0VNONNqffAwpdv:/FZwOzxHuCTUWPv/AZINMNqXAwD

Score

10^/10

sakula persistence rat trojan

Malware Config

Targets

- Target
  
  d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d
- Size
  
  438KB
- MD5
  
  230d8a7a60a07df28a291b13ddf3351f
- SHA1
  
  de71fd21781ae1eed0dbba6bf915a65cc4c0f984
- SHA256
  
  d4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d
- SHA512
  
  b3305950a8d24b247a16b35d49f53dfbc367332879ddafcb7d95a1c44ec02f7ed66d26acbf9992bf39193094c7bbefcbbe59ae514619491e148bb59cb32ddf01
- SSDEEP
  
  6144:Ldgv30si81H+Uyc4WLrxBcQtz8Q0bDC3zUonh8CD2Kc+hO:W71HTyc4WnxBF8Q02UonhsF+hO
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2