sakula | c525de627105fb9370a058cbdd19cb54f16ec17e7b8df50359dcbf4d2671cd95 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5

c525de6271...95.exe

windows7-x64

c525de6271...95.exe

windows10-2004-x64

Sharing

General

Target

c525de627105fb9370a058cbdd19cb54f16ec17e7b8df50359dcbf4d2671cd95
Size

43KB
Sample

250305-lft3esvqz3
MD5

9bfadf60b0b7866c86974c56719f7d6d
SHA1

cf20ed4c5d7ceb734470949c124ecf6c8a18f798
SHA256

c525de627105fb9370a058cbdd19cb54f16ec17e7b8df50359dcbf4d2671cd95
SHA512

4085338d2ed9ef62a496cea13746b5b333a598ccfe71db5e450f2de3b7da5f16a59f6d8b501d6a63c3e0075b3f71df51e27fe43a82da39816daaf20414dec990
SSDEEP

768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqA:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8i

Score

10^/10

sakula discovery persistence rat trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

c525de627105fb9370a058cbdd19cb54f16ec17e7b8df50359dcbf4d2671cd95.exe

Resource

win7-20241010-en

sakula discovery persistence rat trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

c525de627105fb9370a058cbdd19cb54f16ec17e7b8df50359dcbf4d2671cd95.exe

Resource

win10v2004-20250217-en

sakula discovery persistence rat trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  c525de627105fb9370a058cbdd19cb54f16ec17e7b8df50359dcbf4d2671cd95
- Size
  
  43KB
- MD5
  
  9bfadf60b0b7866c86974c56719f7d6d
- SHA1
  
  cf20ed4c5d7ceb734470949c124ecf6c8a18f798
- SHA256
  
  c525de627105fb9370a058cbdd19cb54f16ec17e7b8df50359dcbf4d2671cd95
- SHA512
  
  4085338d2ed9ef62a496cea13746b5b333a598ccfe71db5e450f2de3b7da5f16a59f6d8b501d6a63c3e0075b3f71df51e27fe43a82da39816daaf20414dec990
- SSDEEP
  
  768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqA:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8i
Score

10^/10

sakula discovery persistence rat trojan upx
- Sakula
  Sakula is a remote access trojan with various capabilities.
  trojan rat sakula
- Sakula family
  sakula
- Sakula payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

sakuladiscoverypersistencerattrojanupx

behavioral2

sakuladiscoverypersistencerattrojanupx

© 2018-2025

Terms | Privacy