General
-
Target
NEAS.dd05533d169203a5fc5d1752205ed9ba.exe
-
Size
332KB
-
Sample
231101-kdjcgadf5x
-
MD5
dd05533d169203a5fc5d1752205ed9ba
-
SHA1
5acc75eb219f93b60323d2a059afd5c36695307b
-
SHA256
4efe5f367b03c7f134c7706e47eecdbefe84c604dad7e6b7f07792c67c038bfa
-
SHA512
dce5cef2a1b69263d717cfd0be8743879efa45c8f80e3f3e97ce7988e3397cc40efabb10b63ce38b8c0ece0319f9967a8f2fb41e0b9bdf7cd1dcb9257a7dc480
-
SSDEEP
6144:Nj9c2WYd30BKmiPVpU3ypIPr3D3StNynyS/E:NSI2HA
Behavioral task
behavioral1
Sample
NEAS.dd05533d169203a5fc5d1752205ed9ba.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.dd05533d169203a5fc5d1752205ed9ba.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
Target
NEAS.dd05533d169203a5fc5d1752205ed9ba.exe
-
Score
10/10
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-