Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    71b3bf62e56f6f0dea60c36192ef88e0_NeikiAnalytics

  • Size

    383KB

  • Sample

    240511-d9xreabd9w

  • MD5

    71b3bf62e56f6f0dea60c36192ef88e0

  • SHA1

    ff108fc1cce699b7702a88e73c128873dc15ce4c

  • SHA256

    b466638aefdb02d527d4f93be21b221d6bdcb8431257bcc2a2c74cabda291e72

  • SHA512

    1a4a7f15ec3cb9fe1303961f55f41bae9a564d2f642f5efd32b02e10f05103f7e6fe998077e4a0d885beebd2a2cb1d25b2ca0713862956a67bc87eada16429ee

  • SSDEEP

    6144:l29q46VSndj30BwwBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/TU7Q:d46QnRw8EYiBlMQ

Malware Config

Extracted

Family

sakula

C2

www.polarroute.com

Targets

    • Target

      71b3bf62e56f6f0dea60c36192ef88e0_NeikiAnalytics

    • Size

      383KB

    • MD5

      71b3bf62e56f6f0dea60c36192ef88e0

    • SHA1

      ff108fc1cce699b7702a88e73c128873dc15ce4c

    • SHA256

      b466638aefdb02d527d4f93be21b221d6bdcb8431257bcc2a2c74cabda291e72

    • SHA512

      1a4a7f15ec3cb9fe1303961f55f41bae9a564d2f642f5efd32b02e10f05103f7e6fe998077e4a0d885beebd2a2cb1d25b2ca0713862956a67bc87eada16429ee

    • SSDEEP

      6144:l29q46VSndj30BwwBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/TU7Q:d46QnRw8EYiBlMQ

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks