General

  • Target

    82b565fa498294072fe2935c5f222301_JC.exe

  • Size

    101KB

  • Sample

    230924-yvg3maah75

  • MD5

    82b565fa498294072fe2935c5f222301

  • SHA1

    1443cf64bf5c628a0a1676281ce121427831f874

  • SHA256

    39695dc410cc3fc588b1bb1623051485ceca6bf0f945ffd75cd5346b0d387095

  • SHA512

    b0a59103d1301aa931f7543c0fbad147eaaaf53dc8e97b93f9bfe4e7c2bf30492ed1bee8cdcfc1b656d75aad6fe30f12791f1b122bc56d75905f41107bbaba21

  • SSDEEP

    1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrfPTEzA:/bfVk29te2jqxCEtg30BLbEM

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Target

      82b565fa498294072fe2935c5f222301_JC.exe

    • Size

      101KB

    • MD5

      82b565fa498294072fe2935c5f222301

    • SHA1

      1443cf64bf5c628a0a1676281ce121427831f874

    • SHA256

      39695dc410cc3fc588b1bb1623051485ceca6bf0f945ffd75cd5346b0d387095

    • SHA512

      b0a59103d1301aa931f7543c0fbad147eaaaf53dc8e97b93f9bfe4e7c2bf30492ed1bee8cdcfc1b656d75aad6fe30f12791f1b122bc56d75905f41107bbaba21

    • SSDEEP

      1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrfPTEzA:/bfVk29te2jqxCEtg30BLbEM

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks