General
Target
7c0c4f2d3643da3ab6c2fe5950504ef75dfeef73f0501b39b2367a4e193ad8bc
Size
92KB
Sample
240924-23hkxazhrk
MD5
4ed5ed11f31b2137022b7e8443298d61
SHA1
b09b228b89d146fba0de6b3c1354903d46b27fb0
SHA256
7c0c4f2d3643da3ab6c2fe5950504ef75dfeef73f0501b39b2367a4e193ad8bc
SHA512
d484e89289e20334674d9e7ef73fefe80cd4bbec73161fb9efcee1bd8e0188cd42e63579718e08a1ea6a37c6c18609777fce19db78660e4d33278bcab4e7b193
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrS:9bfVk29te2jqxCEtg30B+
Behavioral task
behavioral1
Sample
7c0c4f2d3643da3ab6c2fe5950504ef75dfeef73f0501b39b2367a4e193ad8bc.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
7c0c4f2d3643da3ab6c2fe5950504ef75dfeef73f0501b39b2367a4e193ad8bc.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
Target
7c0c4f2d3643da3ab6c2fe5950504ef75dfeef73f0501b39b2367a4e193ad8bc
Score
10/10
Sakula payload
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder