General

  • Target

    edba0100ea427523538a42a1679499d0N

  • Size

    92KB

  • Sample

    240908-qpr2ms1aqb

  • MD5

    edba0100ea427523538a42a1679499d0

  • SHA1

    cf83851afd3e0eb7d1ee87ccfb4ccc1eca295535

  • SHA256

    699bf4d75e5511063c45d055ae51ac35b811111acc6f2c0090b767d5d7814995

  • SHA512

    612bf6edf8e18662452404f626ac46ea97ed9002a3e344aff296666d0c9bcde4bf656862bced3bc4bf7f259670749c6f6233b29a2c18b53c02fa6538f7ddc911

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrs:9bfVk29te2jqxCEtg30B4

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
