sakula | 2770111e9c78bdad80466d60982f0d3f576e051dc8c566d504a1c59cce0a33d0 | Triage

Submit
Reports

Overview

overview

Static

static

JaffaCakes...83.exe

windows7-x64

JaffaCakes...83.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_6e092b58c6215f860f0255f3fb5f2f83
Size

150KB
Sample

250103-vbf5fawpfk
MD5

6e092b58c6215f860f0255f3fb5f2f83
SHA1

3bb49785892deafff5c8ee6b05c95aa17466d3f2
SHA256

2770111e9c78bdad80466d60982f0d3f576e051dc8c566d504a1c59cce0a33d0
SHA512

2547341fe729b7b9344b65c9b093ab067fd9b0f7108a9d5c2f94724ddd7a09998f95185b65b5edfc6f3cd160f05332c89b870ca89ce9d5c1372f406855468a1a
SSDEEP

3072:H29DkEGRQixVSjLLJ30BWPOt5dQw+hyuGDInwM:H29qRfVSnt30Bbt+IhDFM

Score

10^/10

sakula discovery persistence rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_6e092b58c6215f860f0255f3fb5f2f83.exe

Resource

win7-20240903-en

sakula discovery persistence rat trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_6e092b58c6215f860f0255f3fb5f2f83.exe

Resource

win10v2004-20241007-en

sakula discovery persistence rat trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

- Target
  
  JaffaCakes118_6e092b58c6215f860f0255f3fb5f2f83
- Size
  
  150KB
- MD5
  
  6e092b58c6215f860f0255f3fb5f2f83
- SHA1
  
  3bb49785892deafff5c8ee6b05c95aa17466d3f2
- SHA256
  
  2770111e9c78bdad80466d60982f0d3f576e051dc8c566d504a1c59cce0a33d0
- SHA512
  
  2547341fe729b7b9344b65c9b093ab067fd9b0f7108a9d5c2f94724ddd7a09998f95185b65b5edfc6f3cd160f05332c89b870ca89ce9d5c1372f406855468a1a
- SSDEEP
  
  3072:H29DkEGRQixVSjLLJ30BWPOt5dQw+hyuGDInwM:H29qRfVSnt30Bbt+IhDFM
Score

10^/10

sakula discovery persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula family
  sakula
- Sakula payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakuladiscoverypersistencerattrojan

behavioral2

sakuladiscoverypersistencerattrojan

© 2018-2025

Terms | Privacy