General
Target: NEAS.4ec630cb3c17ea868f7684de52474290.exe
Size: 101KB
Sample: 231111-qdd1msge79
MD5: 4ec630cb3c17ea868f7684de52474290
SHA1: f1341276ad3ecc993872f479aef8a03a72a0dd33
SHA256: b5fc2ab9a024851867a3bd70e662db6fd1ce3ef724c77f2b39bbda7f13407585
SHA512: 635af0624ed899dd5955025989e883de099f150bd3c7133fcb07670bb4ca06b9002dffea91c1db9bdea7a2398ef4980ce0bb79743696eeb3d6a1383c0093e604
SSDEEP: 1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrfPTEzW:/bfVk29te2jqxCEtg30BLbEq
Behavioral task
behavioral1
Sample
NEAS.4ec630cb3c17ea868f7684de52474290.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.4ec630cb3c17ea868f7684de52474290.exe
Resource
win10v2004-20231025-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
Target
NEAS.4ec630cb3c17ea868f7684de52474290.exe
Score: 10/10
Sakula payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application