General
-
Target
NEAS.0874c72cf3157536d1c3d17ce83313f0.exe
-
Size
101KB
-
Sample
231112-lpk6waed4x
-
MD5
0874c72cf3157536d1c3d17ce83313f0
-
SHA1
f92a67d41abf9ae8de071e721964e8071540863a
-
SHA256
ca219104cc6495a3e0956e17f5ab480d270e45df82ebc09319a98110c6f44413
-
SHA512
349d519d74a727812d40aef9465b2735424201d6c30cbe1eb3c62f6d0475570b440402674ef8bafb57e63f3cd4328e8d50e92b5de138ac0b6154f56d9042df13
-
SSDEEP
1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrfPTEz2:/bfVk29te2jqxCEtg30BLbEK
Behavioral task
behavioral1
Sample
NEAS.0874c72cf3157536d1c3d17ce83313f0.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.0874c72cf3157536d1c3d17ce83313f0.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
Target
NEAS.0874c72cf3157536d1c3d17ce83313f0.exe
Score
10/10
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-