General

  • Target

    0740ec77561fb77d204cd46b4edf1c70N.exe

  • Size

    92KB

  • Sample

    240827-as1j7atbrh

  • MD5

    0740ec77561fb77d204cd46b4edf1c70

  • SHA1

    e8f4b37515e9c9af1faa81a9e67220930702128b

  • SHA256

    8ab78b1aca7c5cb151ab984137fe8a1504f9a29a05597d0f83cd5e032c872e84

  • SHA512

    cb5f8b83f3b2f3312361badda287597344498dae6a0f15f02e6f5c8cc337e715f31c101160a8ee8c0ad05acec4a1c22b6b045d014225c440c483d1e7d1fdbb6f

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrv:9bfVk29te2jqxCEtg30BD

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Target

      0740ec77561fb77d204cd46b4edf1c70N.exe

    • Size

      92KB

    • MD5

      0740ec77561fb77d204cd46b4edf1c70

    • SHA1

      e8f4b37515e9c9af1faa81a9e67220930702128b

    • SHA256

      8ab78b1aca7c5cb151ab984137fe8a1504f9a29a05597d0f83cd5e032c872e84

    • SHA512

      cb5f8b83f3b2f3312361badda287597344498dae6a0f15f02e6f5c8cc337e715f31c101160a8ee8c0ad05acec4a1c22b6b045d014225c440c483d1e7d1fdbb6f

    • SSDEEP

      1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrv:9bfVk29te2jqxCEtg30BD

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15