sakula | 9c47ea249ca21adeaa685a84dc87429444a89b1b6ae635973746c16910df06ad | Triage

Sharing

General

Target

f7ca2210f744076f50ed518b27aff974_JaffaCakes118
Size

321KB
Sample

240926-hfxa1aware
MD5

f7ca2210f744076f50ed518b27aff974
SHA1

b389b53bd2cf86bd621846c309e0d858c6b1e6c8
SHA256

9c47ea249ca21adeaa685a84dc87429444a89b1b6ae635973746c16910df06ad
SHA512

6d307d4ea6a8e186baad706f1db274f56b458115e63d80f60d2f40f0f847dc3233c716344b6d34b57f9a20d583bbf12c27ff87721266083ffc48cdd5389334c3
SSDEEP

1536:aoaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroZeBsCXKTnhxJm:F0hpgz6xGhTjwHN30BE8BsZhO

Score

10^/10

sakula discovery persistence rat trojan

Malware Config

Targets

- Target
  
  f7ca2210f744076f50ed518b27aff974_JaffaCakes118
- Size
  
  321KB
- MD5
  
  f7ca2210f744076f50ed518b27aff974
- SHA1
  
  b389b53bd2cf86bd621846c309e0d858c6b1e6c8
- SHA256
  
  9c47ea249ca21adeaa685a84dc87429444a89b1b6ae635973746c16910df06ad
- SHA512
  
  6d307d4ea6a8e186baad706f1db274f56b458115e63d80f60d2f40f0f847dc3233c716344b6d34b57f9a20d583bbf12c27ff87721266083ffc48cdd5389334c3
- SSDEEP
  
  1536:aoaj1hJL1S9t0MIeboal8bCKxo7h0RP0jwHVz30rtroZeBsCXKTnhxJm:F0hpgz6xGhTjwHN30BE8BsZhO
Score

10^/10

sakula discovery persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakuladiscoverypersistencerattrojan

behavioral2

sakuladiscoverypersistencerattrojan