General
Target: AdobeUpdate.exe
Size: 92KB
Sample: 240916-3ef8lsvgmn
MD5: 89ac522c6529b1acd707c577f5d50856
SHA1: 68825e8aaba2a1d6ed4c0a5dbc7ef6e56f1924bb
SHA256: e6951bf69e44e8e89488f3d5f75d3432afdb150d3b6313b7ba5eda1786cf6d7b
SHA512: 6a5d48a600bf58338863eb925dfca57624d9b8f357ccb3ae7c0a6a88dd3bc1a97a7198ec6ad5da66238bbf0a7bca3e7c73862e374c9b90a7e3dae72d00d7b67d
SSDEEP: 1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrL:9bfVk29te2jqxCEtg30BX
Behavioral task: behavioral1
Sample: AdobeUpdate.exe
Resource: win7-20240903-en

Behavioral task: behavioral2
Sample: AdobeUpdate.exe
Resource: win10v2004-20240802-en
Malware Config
Extracted
Family: sakula
C2: www.savmpet.com
Targets
Target: AdobeUpdate.exe
Score: 10/10
Signatures:
- Sakula payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 1 signature
  - Registry Run Keys / Startup Folder (T1547.001): 1 signature
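The indicators and signatures above (file hashes, the extracted C2 domain, the Run key persistence, and the self-delete) are the parts of this report a responder would turn into a triage check. The script below is an added example, not part of the sandbox report or of any vendor tooling: it hashes file contents against the report's MD5/SHA1/SHA256, and runs three simple detections (Run key write, DNS query for the Sakula C2 domain, a process deleting its own image) over event lines. The `event="..." key="..."` line format and the sample events are constructed for this example and are not a real Sysmon or EDR schema; the bytes hashed in the self-check are constructed and are not the real sample, so they deliberately do not match the report's hashes.

```python
"""IOC and behaviour triage for the Sakula sample described in this report.

Added example: the event format parsed here is constructed (hypothetical
key="value" pairs), not a real telemetry schema. Adapt parse_event() to
your own Sysmon/EDR export before using it.
"""
import hashlib
import re

# Hashes and C2 domain copied from the report above.
IOC_HASHES = {
    "md5": "89ac522c6529b1acd707c577f5d50856",
    "sha1": "68825e8aaba2a1d6ed4c0a5dbc7ef6e56f1924bb",
    "sha256": "e6951bf69e44e8e89488f3d5f75d3432afdb150d3b6313b7ba5eda1786cf6d7b",
}
IOC_C2_DOMAINS = {"www.savmpet.com"}

# Autostart keys behind the "Adds Run key to start application" signature
# (ATT&CK T1547.001). Matches the key path regardless of hive prefix.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)$", re.IGNORECASE
)

# Constructed event lines (not real telemetry), mirroring the report's
# signatures: persistence via Run key, C2 lookup, and self-deletion.
SAMPLE_EVENTS = [
    'event="ProcessCreate" pid="4120" image="C:\\Users\\lab\\Downloads\\AdobeUpdate.exe"',
    'event="RegistryValueSet" pid="4120" key="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" '
    'name="AdobeUpdate" data="C:\\Users\\lab\\AppData\\Roaming\\AdobeUpdate.exe"',
    'event="DnsQuery" pid="4120" query="www.savmpet.com"',
    'event="FileDelete" pid="4120" image="C:\\Users\\lab\\Downloads\\AdobeUpdate.exe" '
    'path="C:\\Users\\lab\\Downloads\\AdobeUpdate.exe"',
    'event="DnsQuery" pid="880" query="update.example.org"',  # benign noise
]


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of data, keyed like IOC_HASHES."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def matches_ioc_hashes(data: bytes) -> list:
    """List the algorithms whose digest of data equals the report's IOC value."""
    digests = hash_bytes(data)
    return [algo for algo, value in digests.items() if value == IOC_HASHES[algo]]


def scan_file(path: str) -> list:
    """Hash a file on disk and report which IOC hashes it matches."""
    with open(path, "rb") as fh:
        return matches_ioc_hashes(fh.read())


def parse_event(line: str) -> dict:
    """Parse one constructed key="value" event line into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', line))


def triage_events(lines) -> list:
    """Flag events that match the report's signatures.

    Returns a list of (reason, event_dict) tuples in input order.
    """
    hits = []
    for line in lines:
        ev = parse_event(line)
        kind = ev.get("event")
        if kind == "RegistryValueSet" and RUN_KEY_RE.search(ev.get("key", "")):
            hits.append(("run_key_persistence", ev))
        elif kind == "DnsQuery" and ev.get("query", "").lower() in IOC_C2_DOMAINS:
            hits.append(("sakula_c2_domain", ev))
        elif kind == "FileDelete" and ev.get("path", "").lower() == ev.get("image", "").lower():
            # The process removed its own executable ("Deletes itself").
            hits.append(("self_delete", ev))
    return hits


if __name__ == "__main__":
    # Constructed bytes: these are not the sample, so no IOC hash matches.
    print("hash matches:", matches_ioc_hashes(b"constructed placeholder bytes"))
    for reason, ev in triage_events(SAMPLE_EVENTS):
        print(reason, "pid", ev.get("pid"), ev.get("key") or ev.get("query") or ev.get("path"))
```

For fuzzy matching against the SSDEEP value in the report you would add a ssdeep-compatible library on top of this; the standard library only covers the exact hashes.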