General
-
Target
edba0100ea427523538a42a1679499d0N
-
Size
92KB
-
Sample
240908-qpr2ms1aqb
-
MD5
edba0100ea427523538a42a1679499d0
-
SHA1
cf83851afd3e0eb7d1ee87ccfb4ccc1eca295535
-
SHA256
699bf4d75e5511063c45d055ae51ac35b811111acc6f2c0090b767d5d7814995
-
SHA512
612bf6edf8e18662452404f626ac46ea97ed9002a3e344aff296666d0c9bcde4bf656862bced3bc4bf7f259670749c6f6233b29a2c18b53c02fa6538f7ddc911
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrs:9bfVk29te2jqxCEtg30B4
Behavioral task
behavioral1
Sample
edba0100ea427523538a42a1679499d0N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
edba0100ea427523538a42a1679499d0N.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
Target
edba0100ea427523538a42a1679499d0N
Score
10/10
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder