General
-
Target
NEAS.d29cfdc70c8949ea1d67ed359d7581b0_JC.exe
-
Size
332KB
-
Sample
231019-a6pd3sch4s
-
MD5
d29cfdc70c8949ea1d67ed359d7581b0
-
SHA1
eb0936510b7ed535779555eeaf54f76c73741a7d
-
SHA256
594d2edd96beec439fadf83aa7f1f3167481f00251b9f9b7cdb2f8af2cfae10f
-
SHA512
9c3fb4f8e89f99aa7f50f4c03e69a0535beaa5bba64c9674e64566f829b108cad96780f771cc0dab99cf4da5618b11cd743b2206f53bfb782e3c9f42ae5c376e
-
SSDEEP
6144:Nj9c2WYd30BKmiPVpU3ypIPr3D3StNynyS/i:NSI2HG
Behavioral task
behavioral1
Sample
NEAS.d29cfdc70c8949ea1d67ed359d7581b0_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.d29cfdc70c8949ea1d67ed359d7581b0_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
NEAS.d29cfdc70c8949ea1d67ed359d7581b0_JC.exe
-
Score
10/10
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-