General
Target: NEAS.9db08939eb0df4981c39f473f33f7e40.exe
Size: 332KB
Sample: 231013-zbq2vseh78
MD5: 9db08939eb0df4981c39f473f33f7e40
SHA1: e4a86ea0f7a4327ae9fd064215c4daccd0cf1752
SHA256: 15f908c24d99451d90104938685ca2513df8564172635325f4b9754f9c8220c1
SHA512: be4789b0120f38ee925708a327f860fdc866a88668285d1010abb7be51b9700c64c47f3439e0fa38f5462f719ca27e313adb60f36fd950b4a318b70863b40e98
SSDEEP: 6144:Nj9c2WYd30BKmiPVpU3ypIPr3D3StNynyS/i:NSI2Hu
Behavioral task: behavioral1
Sample: NEAS.9db08939eb0df4981c39f473f33f7e40.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.9db08939eb0df4981c39f473f33f7e40.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
Target: NEAS.9db08939eb0df4981c39f473f33f7e40.exe
Score: 10/10
Sakula payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application