Sagerunex is a backdoor Trojan whose activity was first spotted in 2018 – cybersecurity experts noticed many similarities between Sagerunex and the Evora backdoor, another piece of malware that was a prime part of the arsenal of Thrip, a cybercrime organization operating in South East Asia. Both Evora and Sagerunex share similar action-logging techniques, and they also use nearly identical techniques to communicate with their Command and Control server. Last but not least, both backdoors have been found on networks that fit the profile of Thrip's usual targets, so there are plenty of reasons to suspect that Sagerunex is nothing else than an evolved version of Evora.
Sageruenx Backdoor is Thrip's Upgrade to Evora
The functionality of the Sagerunex implant is limited relatively, but it provides its operators with all the features they need to extract data from the infected host, as well as install any 3rd-party hacking tools they may need to fulfill their plans. The backdoor gains persistence by using one of the classic techniques – it makes changes to the Windows Registry to ensure that it will run when Windows starts. Some of the active variants of the Sagerunex were hiding under the name 'svchost.exe' on the infected system – this is a legitimate process related to many of Windows' core services.
The Sagerunex backdoor is being controlled via commands sent from a remote Command and Control server – the attackers are able to use this connectivity to execute shell commands, as well as download and run additional files on the infected computer.
Organizations can protect their networks from threats like the Sagerunex by enforcing stricter cybersecurity policies, as well as investing in reliable firewall services and anti-virus protection.
Use SpyHunter to Detect and Remove PC Threats
If you are concerned that malware or PC threats similar to Sagerunex may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.
Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.