sakula | 2f7aac2dccff2dbe2985a739d8c8b14fd5a0283a841257c26d30266b6077466e | Triage

Sharing

General

Target

4a36db597e851f794634226fc98852f8_JaffaCakes118
Size

4.5MB
Sample

241015-1xf98azamb
MD5

4a36db597e851f794634226fc98852f8
SHA1

dd7b9f7f12e7f522845fedd12da1a27b997df1eb
SHA256

2f7aac2dccff2dbe2985a739d8c8b14fd5a0283a841257c26d30266b6077466e
SHA512

7137c832c1fa4aeff6b56ef7ec93e06b6e74ffd40c276edd03c313a8a7b4adc5074d0d9744b91205e73e18225c777541f5b20770f63f6e45fa531b4d1ad29f50
SSDEEP

24576:0+9mrnE2Zjll/6b8h3UZrgEu8CkBW+M3nXvIMfhlG144EE/f5DBMYn:0Y2ZjlkWEZw8Jk+EXvIMfP4FRaYn

Score

10^/10

sakula discovery persistence rat trojan

Malware Config

Targets

- Target
  
  4a36db597e851f794634226fc98852f8_JaffaCakes118
- Size
  
  4.5MB
- MD5
  
  4a36db597e851f794634226fc98852f8
- SHA1
  
  dd7b9f7f12e7f522845fedd12da1a27b997df1eb
- SHA256
  
  2f7aac2dccff2dbe2985a739d8c8b14fd5a0283a841257c26d30266b6077466e
- SHA512
  
  7137c832c1fa4aeff6b56ef7ec93e06b6e74ffd40c276edd03c313a8a7b4adc5074d0d9744b91205e73e18225c777541f5b20770f63f6e45fa531b4d1ad29f50
- SSDEEP
  
  24576:0+9mrnE2Zjll/6b8h3UZrgEu8CkBW+M3nXvIMfhlG144EE/f5DBMYn:0Y2ZjlkWEZw8Jk+EXvIMfP4FRaYn
Score

10^/10

sakula discovery persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakuladiscoverypersistencerattrojan

behavioral2

sakuladiscoverypersistencerattrojan