sakula | 456e4684d4e7bc63e8f585e8f2bf3cb48c10b75ffb9db3298281a517cecc0a7c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4791865ad5424ba65af59d2a19dc43a8
Size

89KB
Sample

231219-r9qjzshdem
MD5

4791865ad5424ba65af59d2a19dc43a8
SHA1

c11791cc6c8833c693a26ee9eb195805df5560cb
SHA256

456e4684d4e7bc63e8f585e8f2bf3cb48c10b75ffb9db3298281a517cecc0a7c
SHA512

b65d95396a528729c888870742170c7fd6596786994a622d76151a7054f83c114f2a9edf057459ac580fe6303fff3171c1018e192303538221d1065de73d865c
SSDEEP

1536:rQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtrN:c29DkEGRQixVSjLaes5G30B5

Score

10^/10

sakula persistence rat trojan

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

- Target
  
  4791865ad5424ba65af59d2a19dc43a8
- Size
  
  89KB
- MD5
  
  4791865ad5424ba65af59d2a19dc43a8
- SHA1
  
  c11791cc6c8833c693a26ee9eb195805df5560cb
- SHA256
  
  456e4684d4e7bc63e8f585e8f2bf3cb48c10b75ffb9db3298281a517cecc0a7c
- SHA512
  
  b65d95396a528729c888870742170c7fd6596786994a622d76151a7054f83c114f2a9edf057459ac580fe6303fff3171c1018e192303538221d1065de73d865c
- SSDEEP
  
  1536:rQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtrN:c29DkEGRQixVSjLaes5G30B5
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula payload
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2