Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
abd5b72af7ebe14e1c3b7540de2e30cf31e852b53b2c6a55251a6e6756e35a51
-
Size
212KB
-
Sample
240308-14m2cahh2s
-
MD5
1357e64b7017ef220c506b4b539e1a87
-
SHA1
2eaa81c569c5e626d8a36dbdafa285a88d1c2ab1
-
SHA256
abd5b72af7ebe14e1c3b7540de2e30cf31e852b53b2c6a55251a6e6756e35a51
-
SHA512
e226ca35d6e841f0e9b3eacfb323cdecdc4e6a950dcbe6295203cd9ef55d2038c9d9b24c662d6d7f7a77cabface9b2d73fc70fa56f1e6d6e8be561c6bbcca012
-
SSDEEP
1536:ftQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX++pdz30rtr8gjXjp0SanB1:u29DkEGRQixVSjLc130BYgjXjpgnB1
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
abd5b72af7ebe14e1c3b7540de2e30cf31e852b53b2c6a55251a6e6756e35a51
-
Size
212KB
-
MD5
1357e64b7017ef220c506b4b539e1a87
-
SHA1
2eaa81c569c5e626d8a36dbdafa285a88d1c2ab1
-
SHA256
abd5b72af7ebe14e1c3b7540de2e30cf31e852b53b2c6a55251a6e6756e35a51
-
SHA512
e226ca35d6e841f0e9b3eacfb323cdecdc4e6a950dcbe6295203cd9ef55d2038c9d9b24c662d6d7f7a77cabface9b2d73fc70fa56f1e6d6e8be561c6bbcca012
-
SSDEEP
1536:ftQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX++pdz30rtr8gjXjp0SanB1:u29DkEGRQixVSjLc130BYgjXjpgnB1
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula payload
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-