sakula | e575d4e758b839095a4ea21098e9b937c034d9519822aaf5015873d98f7a042b | Triage

Sharing

General

Target

e575d4e758b839095a4ea21098e9b937c034d9519822aaf5015873d98f7a042b
Size

36KB
Sample

241015-gsbdmasfqk
MD5

ec5dff14299f99ed0f45e729a5936305
SHA1

67d31ed97f246e37d11fdd08885bae14e54dc645
SHA256

e575d4e758b839095a4ea21098e9b937c034d9519822aaf5015873d98f7a042b
SHA512

f00da917a309b6f457af2d0c4ecab4f8e62a7c201ee3d01597ed36c597d0218f7ecadeb7e2c67d17e676d1583bccfd78d32558301806864133083d40defcb6c3
SSDEEP

768:EUoD8uJ8b5BoF50YdY+kbntiBgEffLr/vTzQg419sk:QD8uJ65WYnNYX/7zHOsk

Score

10^/10

sakula discovery persistence rat trojan

Malware Config

Targets

- Target
  
  e575d4e758b839095a4ea21098e9b937c034d9519822aaf5015873d98f7a042b
- Size
  
  36KB
- MD5
  
  ec5dff14299f99ed0f45e729a5936305
- SHA1
  
  67d31ed97f246e37d11fdd08885bae14e54dc645
- SHA256
  
  e575d4e758b839095a4ea21098e9b937c034d9519822aaf5015873d98f7a042b
- SHA512
  
  f00da917a309b6f457af2d0c4ecab4f8e62a7c201ee3d01597ed36c597d0218f7ecadeb7e2c67d17e676d1583bccfd78d32558301806864133083d40defcb6c3
- SSDEEP
  
  768:EUoD8uJ8b5BoF50YdY+kbntiBgEffLr/vTzQg419sk:QD8uJ65WYnNYX/7zHOsk
Score

10^/10

sakula discovery persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakuladiscoverypersistencerattrojan

behavioral2

sakuladiscoverypersistencerattrojan