General
-
Target
NEAS.64c843ed4bb28832a349736208ed4560_JC.exe
-
Size
92KB
-
Sample
231101-pavnjsga4v
-
MD5
64c843ed4bb28832a349736208ed4560
-
SHA1
03b2aad465f86d5d243dce52221685256f1d07bf
-
SHA256
99694a73d47065a83988606733b3b647fd1a3dc59a0edf6bd7b5eedf9e1fe756
-
SHA512
d0d484de67afe9b9593a1c3d17bef3a357b62fbc8a46836373f6c9f8b58d02bc9d38714bc23bc2e0e18d58445b63b814af0468dc90210c085c5cd7e6612b9cb9
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrG:9bfVk29te2jqxCEtg30Bq
Behavioral task
behavioral1
Sample
NEAS.64c843ed4bb28832a349736208ed4560_JC.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.64c843ed4bb28832a349736208ed4560_JC.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
NEAS.64c843ed4bb28832a349736208ed4560_JC.exe
Score
10/10
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-