General
-
Target
NEAS.fe66ab5f04442c4cdc95bf3ac05183b0_JC.exe
-
Size
92KB
-
Sample
231026-2gpr4ahb41
-
MD5
fe66ab5f04442c4cdc95bf3ac05183b0
-
SHA1
6e66dc054e53ba8cc4d467eab8f663d79bcc3ccf
-
SHA256
f6ff6b60a49cf3610da6921b2735d4b14b30e62a2abc291d3404342863d497bb
-
SHA512
2135bda00db36baa2f2b66092293cdf9ecf32a7378d1d9894aa9b45ac1ccc5e8676f1106d56c2f54c2e84420bfda5b3765ff64b0de4f44e395abf4dbf58aa7f9
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr/:9bfVk29te2jqxCEtg30Bz
Behavioral task
behavioral1
Sample
NEAS.fe66ab5f04442c4cdc95bf3ac05183b0_JC.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.fe66ab5f04442c4cdc95bf3ac05183b0_JC.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
NEAS.fe66ab5f04442c4cdc95bf3ac05183b0_JC.exe
Score
10/10
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-