sakula | 2f9587beab6f18ccf6dfbba33f6923aed82eb6639973b76ffd757c91d2426847 | Triage

Sharing

General

Target

2f9587beab6f18ccf6dfbba33f6923aed82eb6639973b76ffd757c91d2426847
Size

48KB
Sample

250412-1twwhastct
MD5

06b8ec3185faccd56aa2680267c25793
SHA1

1309feb6d5238ce23114f565b4f679bf38cbd83e
SHA256

2f9587beab6f18ccf6dfbba33f6923aed82eb6639973b76ffd757c91d2426847
SHA512

f6410b7335c60ff9a0223341003e16d23f121ddc6f18c5286e1c9660c9fcf81e1777ff186e53a43f59bfa510ae05e4d68385df8bfac6667de21e27bad0dd73a1
SSDEEP

768:RaSCio6y6y/FCBJTAIO3OtYVUPsED3VK2+ZtyOjgO4r9vFAg2rqO:5w6y/FCPnO3sYTjipvF2Z

Score

10^/10

sakula discovery persistence rat trojan

Malware Config

Extracted

Family

sakula

C2

http://www.we11point.com:443/view.asp?cookie=%s&type=%d&vid=%d

http://www.we11point.com:443/photo/%s.jpg?vid=%d

Targets

- Target
  
  2f9587beab6f18ccf6dfbba33f6923aed82eb6639973b76ffd757c91d2426847
- Size
  
  48KB
- MD5
  
  06b8ec3185faccd56aa2680267c25793
- SHA1
  
  1309feb6d5238ce23114f565b4f679bf38cbd83e
- SHA256
  
  2f9587beab6f18ccf6dfbba33f6923aed82eb6639973b76ffd757c91d2426847
- SHA512
  
  f6410b7335c60ff9a0223341003e16d23f121ddc6f18c5286e1c9660c9fcf81e1777ff186e53a43f59bfa510ae05e4d68385df8bfac6667de21e27bad0dd73a1
- SSDEEP
  
  768:RaSCio6y6y/FCBJTAIO3OtYVUPsED3VK2+ZtyOjgO4r9vFAg2rqO:5w6y/FCPnO3sYTjipvF2Z
Score

10^/10

sakula discovery persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula family
  sakula
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakuladiscoverypersistencerattrojan