Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
4bcd9b4b41fd4fa922924b0b02a35d2dae91d4101f7ba060be11735de9fa8371.exe
-
Size
43KB
-
Sample
250212-te7acsylev
-
MD5
891e3132ac5e6b82209ceafcea12f41c
-
SHA1
d849546400baa08c756a8f5d420239cc233423f6
-
SHA256
4bcd9b4b41fd4fa922924b0b02a35d2dae91d4101f7ba060be11735de9fa8371
-
SHA512
70123ecaa233fccb1b8c34341d4bd1772deb6ecf7b75cb8c09fe18be6b7a9e57e5ab7be2867245625e05020d822267bb8aeab4f17e9d1beed4d1679c4b9f2adb
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taq9:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8/
Malware Config
Targets
-
-
Target
4bcd9b4b41fd4fa922924b0b02a35d2dae91d4101f7ba060be11735de9fa8371.exe
-
Size
43KB
-
MD5
891e3132ac5e6b82209ceafcea12f41c
-
SHA1
d849546400baa08c756a8f5d420239cc233423f6
-
SHA256
4bcd9b4b41fd4fa922924b0b02a35d2dae91d4101f7ba060be11735de9fa8371
-
SHA512
70123ecaa233fccb1b8c34341d4bd1772deb6ecf7b75cb8c09fe18be6b7a9e57e5ab7be2867245625e05020d822267bb8aeab4f17e9d1beed4d1679c4b9f2adb
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taq9:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8/
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1