sakula | 86803a8a339c1ce9a51af13f714a058728fe51fce50f3058c4307a489f0e69e1 | Triage

Sharing

General

Target

AdobeUpdate.exe
Size

101KB
Sample

240916-29qvvsvemr
MD5

844b5faea55061d08a0be386788147f0
SHA1

267221b68281526500f997a0780f02ead0079f88
SHA256

86803a8a339c1ce9a51af13f714a058728fe51fce50f3058c4307a489f0e69e1
SHA512

f38173c1a159040a12fc1da5d964c62d64c4abe1ddda47614393b3ae49bf104f46efc7710528b8c519cfa14f4d290d025c0284cac4cd824ae035fbadda286850
SSDEEP

1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrGPTEzO:/bfVk29te2jqxCEtg30BibE6

Score

10^/10

sakula discovery persistence rat trojan

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

- Target
  
  AdobeUpdate.exe
- Size
  
  101KB
- MD5
  
  844b5faea55061d08a0be386788147f0
- SHA1
  
  267221b68281526500f997a0780f02ead0079f88
- SHA256
  
  86803a8a339c1ce9a51af13f714a058728fe51fce50f3058c4307a489f0e69e1
- SHA512
  
  f38173c1a159040a12fc1da5d964c62d64c4abe1ddda47614393b3ae49bf104f46efc7710528b8c519cfa14f4d290d025c0284cac4cd824ae035fbadda286850
- SSDEEP
  
  1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrGPTEzO:/bfVk29te2jqxCEtg30BibE6
Score

10^/10

sakula discovery persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakuladiscoverypersistencerattrojan

behavioral2

sakuladiscoverypersistencerattrojan