sakula | 26e3e2a08ffb9dabea8d50b16118c014e34a663b73822068dc007f28b9c63b52 | Triage

Sharing

General

Target

2025-04-14_5b21c39d84d16bc50b39e37bfdd6bce3_amadey_elex_rhadamanthys_sakula_smoke-loader
Size

92KB
Sample

250415-aygz2avnv6
MD5

5b21c39d84d16bc50b39e37bfdd6bce3
SHA1

d213cf091d77e61da2cd0f7ea512e798b55babb4
SHA256

26e3e2a08ffb9dabea8d50b16118c014e34a663b73822068dc007f28b9c63b52
SHA512

e8484364de73f4f64246c5021a5dc2ae954b20c77fd25df24153bd03a04b3fe6ea55b5ebab235f529d9b49c980c31e2b59473a317462ce3c6b0e5fcf15ace1e8
SSDEEP

1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr3:9bfVk29te2jqxCEtg30Bb

Score

10^/10

sakula discovery persistence rat trojan

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

- Target
  
  2025-04-14_5b21c39d84d16bc50b39e37bfdd6bce3_amadey_elex_rhadamanthys_sakula_smoke-loader
- Size
  
  92KB
- MD5
  
  5b21c39d84d16bc50b39e37bfdd6bce3
- SHA1
  
  d213cf091d77e61da2cd0f7ea512e798b55babb4
- SHA256
  
  26e3e2a08ffb9dabea8d50b16118c014e34a663b73822068dc007f28b9c63b52
- SHA512
  
  e8484364de73f4f64246c5021a5dc2ae954b20c77fd25df24153bd03a04b3fe6ea55b5ebab235f529d9b49c980c31e2b59473a317462ce3c6b0e5fcf15ace1e8
- SSDEEP
  
  1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr3:9bfVk29te2jqxCEtg30Bb
Score

10^/10

sakula discovery persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula family
  sakula
- Sakula payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakuladiscoverypersistencerattrojan