General
Target: NEAS.bdc85b65d3e97dc0c7652f16bd2e5d70.exe
Size: 92KB
Sample: 231118-daw1tshf59
MD5: bdc85b65d3e97dc0c7652f16bd2e5d70
SHA1: 1b5786e8e13e8367ab267c04f31802e6002ce891
SHA256: 9280b0227c5afac24657d29984c2303baf48db2451e292345757ca5736cbc630
SHA512: da3039d6dc74c08c98be2e2c6ab7ac5d4bd368ae72bb1b0cf4cc05f2108bd48c1c1636566334cd06afc293c703e267cfb1195d6a02c001d81e28ca78a3eb7c37
SSDEEP: 1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrf:9bfVk29te2jqxCEtg30B7
Behavioral task: behavioral1
Sample: NEAS.bdc85b65d3e97dc0c7652f16bd2e5d70.exe
Resource: win7-20231025-en
Behavioral task: behavioral2
Sample: NEAS.bdc85b65d3e97dc0c7652f16bd2e5d70.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
Target: NEAS.bdc85b65d3e97dc0c7652f16bd2e5d70.exe
Score: 10/10
Sakula payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application