sakula | 6a3ecd6dd8f8099413faeda6715cf1be7c4fd9388a5e35e2084d7641fc143965 | Triage

Sharing

General

Target

JaffaCakes118_c97b519b7132f82a64bdb943466ad984
Size

4.5MB
Sample

250109-qxfzca1lft
MD5

c97b519b7132f82a64bdb943466ad984
SHA1

8acc0bfbbbcbf5b98ce5190aafb6ec57b4d3c836
SHA256

6a3ecd6dd8f8099413faeda6715cf1be7c4fd9388a5e35e2084d7641fc143965
SHA512

0ceb88b93d9280c54e039b39bfb0195759b6c52a4abb77b92fa4ddb9c7d08f1f50bc4a50ab9d92897bca5b3601cae90218f45b64070bdb1b4a7911551a4d4c9c
SSDEEP

24576:0+9mrnE2Zjll/6b8h3UZrgEu8CkBW+M3nXvIMfhlG144EE/f5DBMY/:0Y2ZjlkWEZw8Jk+EXvIMfP4FRaY/

Score

10^/10

sakula discovery persistence rat trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_c97b519b7132f82a64bdb943466ad984
- Size
  
  4.5MB
- MD5
  
  c97b519b7132f82a64bdb943466ad984
- SHA1
  
  8acc0bfbbbcbf5b98ce5190aafb6ec57b4d3c836
- SHA256
  
  6a3ecd6dd8f8099413faeda6715cf1be7c4fd9388a5e35e2084d7641fc143965
- SHA512
  
  0ceb88b93d9280c54e039b39bfb0195759b6c52a4abb77b92fa4ddb9c7d08f1f50bc4a50ab9d92897bca5b3601cae90218f45b64070bdb1b4a7911551a4d4c9c
- SSDEEP
  
  24576:0+9mrnE2Zjll/6b8h3UZrgEu8CkBW+M3nXvIMfhlG144EE/f5DBMY/:0Y2ZjlkWEZw8Jk+EXvIMfP4FRaY/
Score

10^/10

sakula discovery persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula family
  sakula
- Sakula payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakuladiscoverypersistencerattrojan

behavioral2

sakuladiscoverypersistencerattrojan