General
Target: NEAS.b6bf6da95e04ea9f27b588ce1ca2fdb0.exe
Size: 332KB
Sample: 231016-w7pxwsab2t
MD5: b6bf6da95e04ea9f27b588ce1ca2fdb0
SHA1: e11fdae1b3a6597aa05ebae41095db2922a57269
SHA256: 7140dee86c66dbaf4f555f9c616b96dccd1cb6f112473a9210777a7818979c5a
SHA512: 759465600d991a68d02919654fbb6c35cd48459b20323a554bfddcdc6648596b40d795e69665037aba6a3ef98ab0dc751257db47faab3347a6d1f085332e5665
SSDEEP: 6144:Nj9c2WYd30BKmiPVpU3ypIPr3D3StNynyS/W:NSI2Ha
Behavioral task: behavioral1
Sample: NEAS.b6bf6da95e04ea9f27b588ce1ca2fdb0.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.b6bf6da95e04ea9f27b588ce1ca2fdb0.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
Target: NEAS.b6bf6da95e04ea9f27b588ce1ca2fdb0.exe
Score: 10/10
Sakula payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application