sakula | 2b6862758d7e1fa0b613e8ef792cc1c36a85e6c0806094fb9cbe5c36045e1dbf | Triage

Sharing

General

Target

JaffaCakes118_cb9ecf13134922777a9e8f656844275a
Size

4.0MB
Sample

250109-stlrjavpgq
MD5

cb9ecf13134922777a9e8f656844275a
SHA1

38a46544e021317d1a522c06d66844319ef3b3f4
SHA256

2b6862758d7e1fa0b613e8ef792cc1c36a85e6c0806094fb9cbe5c36045e1dbf
SHA512

587e9ec12d68c1cdcc68c01e0e59674ef73ca352d4b9f80d96db831b86cc495da1f48390f639a208264fcb4432567c9b7b5164997f41b737e711cfd6c4196286
SSDEEP

24576:DF9mrnE2Z1y/6oTNBZrBEu8C7jnIQCwRO/wTGS5DBMY4:DD2Z1qT3Zz888QCwRO/wT/aY4

Score

10^/10

sakula discovery persistence rat trojan

Malware Config

Targets

- Target
  
  JaffaCakes118_cb9ecf13134922777a9e8f656844275a
- Size
  
  4.0MB
- MD5
  
  cb9ecf13134922777a9e8f656844275a
- SHA1
  
  38a46544e021317d1a522c06d66844319ef3b3f4
- SHA256
  
  2b6862758d7e1fa0b613e8ef792cc1c36a85e6c0806094fb9cbe5c36045e1dbf
- SHA512
  
  587e9ec12d68c1cdcc68c01e0e59674ef73ca352d4b9f80d96db831b86cc495da1f48390f639a208264fcb4432567c9b7b5164997f41b737e711cfd6c4196286
- SSDEEP
  
  24576:DF9mrnE2Z1y/6oTNBZrBEu8C7jnIQCwRO/wTGS5DBMY4:DD2Z1qT3Zz888QCwRO/wT/aY4
Score

10^/10

sakula discovery persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula family
  sakula
- Sakula payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakuladiscoverypersistencerattrojan

behavioral2

sakuladiscoverypersistencerattrojan