Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
510f38eb3f995b6c2b17fa239783cf776edb978fd66136170f0271bcacb092c3
-
Size
92KB
-
Sample
250310-3at9nssxdz
-
MD5
744a5de5367d3f34de9376315813b309
-
SHA1
81383043e47484c086741f462d100877dddd38f7
-
SHA256
510f38eb3f995b6c2b17fa239783cf776edb978fd66136170f0271bcacb092c3
-
SHA512
e0fbc885ee81c99eef0cd4ecf556172c88133dfb270cfa32abd6a0a8b8e20736763d3bb842fab8e149735fabc24d3b9245040a2da4acccebbb370e6da3930936
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrp:9bfVk29te2jqxCEtg30B9
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
510f38eb3f995b6c2b17fa239783cf776edb978fd66136170f0271bcacb092c3
-
Size
92KB
-
MD5
744a5de5367d3f34de9376315813b309
-
SHA1
81383043e47484c086741f462d100877dddd38f7
-
SHA256
510f38eb3f995b6c2b17fa239783cf776edb978fd66136170f0271bcacb092c3
-
SHA512
e0fbc885ee81c99eef0cd4ecf556172c88133dfb270cfa32abd6a0a8b8e20736763d3bb842fab8e149735fabc24d3b9245040a2da4acccebbb370e6da3930936
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrp:9bfVk29te2jqxCEtg30B9
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1