General

  • Target: 2955a706f39c2530395b1e19ece5323e5064c1c777fac0f85cd90e7c8cb778e6
  • Size: 331KB
  • Sample: 240805-yj2ynawfqq
  • MD5: 84227dfd0421e4e91863f0e5396ea974
  • SHA1: c5ffe9ec1fa7651b390baf4010a26b59fb884e19
  • SHA256: 2955a706f39c2530395b1e19ece5323e5064c1c777fac0f85cd90e7c8cb778e6
  • SHA512: f0e706a36b3b2036838ea0fc37383343de9909f7b62905652f2230f2e84de8f0fe51e26cdf581f384fde106230bd720fa486242736a9ac5bf3d283cc14bde556
  • SSDEEP: 6144:Nj9c2WYd30BKmiPVpU3ypIPr3D3StNynyS/5:NSI2Hl

Malware Config

Extracted

  • Family: sakula
  • C2: www.savmpet.com

Targets

    • Sakula: Sakula is a remote access trojan with various capabilities.
    • Sakula payload
    • Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.
    • Deletes itself
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
