sakula | 02f68925669ee7937e4d40c45522a647cad0d84bf82de94682fa1957785e66f7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

02f6892566...f7.exe

windows7-x64

02f6892566...f7.exe

windows10-2004-x64

Sharing

General

Target

02f68925669ee7937e4d40c45522a647cad0d84bf82de94682fa1957785e66f7
Size

5.2MB
Sample

230807-qmnlfagg3w
MD5

82a801529478f463148878aecba8f75b
SHA1

dc31ca34d15ecf84a1d3d16560089d382237cfbe
SHA256

02f68925669ee7937e4d40c45522a647cad0d84bf82de94682fa1957785e66f7
SHA512

e3bfcaa4f51704999e8bdad911babbff141f89f1ab15abb0ae6d06612527df630c821d68e87c652db76d6b62d365edda61d3f1a9ef7589905013d8b877a7e3c1
SSDEEP

6144:H29qRfVSnt30Bbt+IhDFAT/HAkJtkJxkJ5kJekJXkJuJ6kJuJZkJuJvkJuJmkJuG:TRfQnA+2m18i

Score

10^/10

sakula persistence rat trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

02f68925669ee7937e4d40c45522a647cad0d84bf82de94682fa1957785e66f7.exe

Resource

win7-20230712-en

sakula persistence rat trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

02f68925669ee7937e4d40c45522a647cad0d84bf82de94682fa1957785e66f7.exe

Resource

win10v2004-20230703-en

sakula persistence rat trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

- Target
  
  02f68925669ee7937e4d40c45522a647cad0d84bf82de94682fa1957785e66f7
- Size
  
  5.2MB
- MD5
  
  82a801529478f463148878aecba8f75b
- SHA1
  
  dc31ca34d15ecf84a1d3d16560089d382237cfbe
- SHA256
  
  02f68925669ee7937e4d40c45522a647cad0d84bf82de94682fa1957785e66f7
- SHA512
  
  e3bfcaa4f51704999e8bdad911babbff141f89f1ab15abb0ae6d06612527df630c821d68e87c652db76d6b62d365edda61d3f1a9ef7589905013d8b877a7e3c1
- SSDEEP
  
  6144:H29qRfVSnt30Bbt+IhDFAT/HAkJtkJxkJ5kJekJXkJuJ6kJuJZkJuJvkJuJmkJuG:TRfQnA+2m18i
Score

10^/10

sakula persistence rat trojan
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula payload
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakulapersistencerattrojan

behavioral2

sakulapersistencerattrojan

© 2018-2025

Terms | Privacy