sakula | 03ae3a30f1450a3f3e5dc9972696291f4b44615171fa23ecd8fd86f048e04307 | Triage

Sharing

General

Target

03ae3a30f1450a3f3e5dc9972696291f4b44615171fa23ecd8fd86f048e04307
Size

92KB
Sample

250225-x6sg3asqs4
MD5

95da0fe7312b3c437ccbbb22b2489c55
SHA1

6a07b3f887f32dbff63b1e1790a85a1f3e5427a3
SHA256

03ae3a30f1450a3f3e5dc9972696291f4b44615171fa23ecd8fd86f048e04307
SHA512

72956a487f67ccb9542049048658a9ba57a99f19e7ca74af27a21d5510e7b5e61c698e13a6b17756524c303bda481e8180dbb902df16dd9a5476a4a817fe9817
SSDEEP

1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr6:9bfVk29te2jqxCEtg30BG

Score

10^/10

sakula discovery persistence rat trojan

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

- Target
  
  03ae3a30f1450a3f3e5dc9972696291f4b44615171fa23ecd8fd86f048e04307
- Size
  
  92KB
- MD5
  
  95da0fe7312b3c437ccbbb22b2489c55
- SHA1
  
  6a07b3f887f32dbff63b1e1790a85a1f3e5427a3
- SHA256
  
  03ae3a30f1450a3f3e5dc9972696291f4b44615171fa23ecd8fd86f048e04307
- SHA512
  
  72956a487f67ccb9542049048658a9ba57a99f19e7ca74af27a21d5510e7b5e61c698e13a6b17756524c303bda481e8180dbb902df16dd9a5476a4a817fe9817
- SSDEEP
  
  1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr6:9bfVk29te2jqxCEtg30BG
Score

10^/10

sakula discovery persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula family
  sakula
- Sakula payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakuladiscoverypersistencerattrojan

behavioral2

sakuladiscoverypersistencerattrojan