General
-
Target
eecf6c1f552ca12dca8086231c787a50N.exe
-
Size
39KB
-
Sample
240904-c9wnnsvgnh
-
MD5
eecf6c1f552ca12dca8086231c787a50
-
SHA1
4e191fe4b486f7800384550311809537f300aad3
-
SHA256
b447d146d36dd7784ca1270850ec49ba600df047c24bbfe98354dcb8725944cc
-
SHA512
1e61657add10206b7bfc72b0fefa115027953345055766cfd16ad44c91d40d0faa16ed913657375abea56dc69365585f02ad652899647515974500dd8704be28
-
SSDEEP
768:EXgqefjKf3Z6qSRnzpdwT1RIj1egKRFXSp/Dfm982r7DK:QgqeGB6qAnzpdw5Y0wLm9h+
Static task
static1
Behavioral task
behavioral1
Sample
eecf6c1f552ca12dca8086231c787a50N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eecf6c1f552ca12dca8086231c787a50N.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
eecf6c1f552ca12dca8086231c787a50N.exe
-
Size
39KB
-
MD5
eecf6c1f552ca12dca8086231c787a50
-
SHA1
4e191fe4b486f7800384550311809537f300aad3
-
SHA256
b447d146d36dd7784ca1270850ec49ba600df047c24bbfe98354dcb8725944cc
-
SHA512
1e61657add10206b7bfc72b0fefa115027953345055766cfd16ad44c91d40d0faa16ed913657375abea56dc69365585f02ad652899647515974500dd8704be28
-
SSDEEP
768:EXgqefjKf3Z6qSRnzpdwT1RIj1egKRFXSp/Dfm982r7DK:QgqeGB6qAnzpdw5Y0wLm9h+
Score10/10-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1