General
-
Target
6d06bef429a7917dd356eada9dd755864c993fdd39422d3c0a5c8c27d65a4120N
-
Size
92KB
-
Sample
240918-dj7tpazane
-
MD5
27beee5d2fafda570c675f78442bcb70
-
SHA1
48481f21a3c9d087dcdf1be6416ebf1f14b08c72
-
SHA256
6d06bef429a7917dd356eada9dd755864c993fdd39422d3c0a5c8c27d65a4120
-
SHA512
e092db9627c7f2e053b3054fd878f907c807353890f80c894b31eb165367f6d4338179773e7fa6a5571479716d3432f2fa01d1dc4bddbcc8fe34565167932b2c
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrt:9bfVk29te2jqxCEtg30BR
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
6d06bef429a7917dd356eada9dd755864c993fdd39422d3c0a5c8c27d65a4120N
-
Size
92KB
-
MD5
27beee5d2fafda570c675f78442bcb70
-
SHA1
48481f21a3c9d087dcdf1be6416ebf1f14b08c72
-
SHA256
6d06bef429a7917dd356eada9dd755864c993fdd39422d3c0a5c8c27d65a4120
-
SHA512
e092db9627c7f2e053b3054fd878f907c807353890f80c894b31eb165367f6d4338179773e7fa6a5571479716d3432f2fa01d1dc4bddbcc8fe34565167932b2c
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrt:9bfVk29te2jqxCEtg30BR
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1