sakula | a1609ac64c824718ee1464c8ee66e24d6167a27c94054185b4595350ab5ee86b | Triage

Sharing

General

Target

a1609ac64c824718ee1464c8ee66e24d6167a27c94054185b4595350ab5ee86b.exe
Size

89KB
Sample

241203-yr68caxjcp
MD5

a82d0957ae9a8473296d7a75b45f3bff
SHA1

edac919768c2bb44efe85e44a784b0e475b777e9
SHA256

a1609ac64c824718ee1464c8ee66e24d6167a27c94054185b4595350ab5ee86b
SHA512

dc33a277a1c23c4952e366abec3851af9c01a0c912e9d9e03ff901f3d04492612d8568ac9869b0e9417714d505b94fe2f0cbd0280b6af323c4301d514164c454
SSDEEP

1536:PQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtrc:w29DkEGRQixVSjLaes5G30B4

Score

10^/10

sakula discovery persistence rat trojan

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

- Target
  
  a1609ac64c824718ee1464c8ee66e24d6167a27c94054185b4595350ab5ee86b.exe
- Size
  
  89KB
- MD5
  
  a82d0957ae9a8473296d7a75b45f3bff
- SHA1
  
  edac919768c2bb44efe85e44a784b0e475b777e9
- SHA256
  
  a1609ac64c824718ee1464c8ee66e24d6167a27c94054185b4595350ab5ee86b
- SHA512
  
  dc33a277a1c23c4952e366abec3851af9c01a0c912e9d9e03ff901f3d04492612d8568ac9869b0e9417714d505b94fe2f0cbd0280b6af323c4301d514164c454
- SSDEEP
  
  1536:PQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtrc:w29DkEGRQixVSjLaes5G30B4
Score

10^/10

sakula discovery persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula family
  sakula
- Sakula payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakuladiscoverypersistencerattrojan

behavioral2

sakuladiscoverypersistencerattrojan