General
-
Target
NEAS.d48e4414944271b84832328e97f68929.exe
-
Size
92KB
-
Sample
231028-wgjm7ada2s
-
MD5
d48e4414944271b84832328e97f68929
-
SHA1
e16e458d8119b5976ce6a5db1633bb6414f718a1
-
SHA256
22efc0cd8cb03e570b474c550bf02e942be83beea9b8ae7cb7cce50e7c1ce00e
-
SHA512
b195b290ea332b74f0208ca235a10b266af180ac595e64a5364a7fa2bfe955e25e51181eff68670591f7d988da133c5f318d6ff08a8ed8898d538a251888d1a1
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrd:9bfVk29te2jqxCEtg30Bx
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
NEAS.d48e4414944271b84832328e97f68929.exe
-
Size
92KB
-
MD5
d48e4414944271b84832328e97f68929
-
SHA1
e16e458d8119b5976ce6a5db1633bb6414f718a1
-
SHA256
22efc0cd8cb03e570b474c550bf02e942be83beea9b8ae7cb7cce50e7c1ce00e
-
SHA512
b195b290ea332b74f0208ca235a10b266af180ac595e64a5364a7fa2bfe955e25e51181eff68670591f7d988da133c5f318d6ff08a8ed8898d538a251888d1a1
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrd:9bfVk29te2jqxCEtg30Bx
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-