Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b11720c9ea3e2089663b777628fa191663cb31a09fd4fdaf2f49f3ea6fcb1d2fN.exe
-
Size
89KB
-
Sample
241203-mvz3naxmdj
-
MD5
5f6e669304218c9d069980bbc51ed180
-
SHA1
71bf27d6121ec93b3a21249aa73de55ae4b98664
-
SHA256
b11720c9ea3e2089663b777628fa191663cb31a09fd4fdaf2f49f3ea6fcb1d2f
-
SHA512
e4b76fe8282d2a71729dab29c2dd1ff106501dfa1e7b9cafd9f63cb9553716467bd33d7c8bb536d96e6f4b7df74662ad75b9dfc574ff09aa7b765413ea5a3ff5
-
SSDEEP
1536:PQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtrE:w29DkEGRQixVSjLaes5G30B4
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
b11720c9ea3e2089663b777628fa191663cb31a09fd4fdaf2f49f3ea6fcb1d2fN.exe
-
Size
89KB
-
MD5
5f6e669304218c9d069980bbc51ed180
-
SHA1
71bf27d6121ec93b3a21249aa73de55ae4b98664
-
SHA256
b11720c9ea3e2089663b777628fa191663cb31a09fd4fdaf2f49f3ea6fcb1d2f
-
SHA512
e4b76fe8282d2a71729dab29c2dd1ff106501dfa1e7b9cafd9f63cb9553716467bd33d7c8bb536d96e6f4b7df74662ad75b9dfc574ff09aa7b765413ea5a3ff5
-
SSDEEP
1536:PQFl29mEkE0L1rDEKrxZKF2zf9g2Pl7W/MwbxMX+ees52z30rtrE:w29DkEGRQixVSjLaes5G30B4
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1