General

  • Target

    451326adfc4d824ced6cb1171080aca672f1338525475a37d4f91df19de39688N

  • Size

    92KB

  • Sample

    241010-qdjk5asdnl

  • MD5

    dcab3163d20350622f32bf4c421abb20

  • SHA1

    a6369b2c22fc1d6f1298ab7ed439a7194c660617

  • SHA256

    451326adfc4d824ced6cb1171080aca672f1338525475a37d4f91df19de39688

  • SHA512

    fcb2b0ae3d9c392da840528458bc38112f9ba8d86e6929aef3d335c7f006d5a35c39e7d2d6c98d6334c4b351e27453a462f02c5183802a3e474d61bb6802b1f9

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr6:9bfVk29te2jqxCEtg30BG

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Target

      451326adfc4d824ced6cb1171080aca672f1338525475a37d4f91df19de39688N

    • Size

      92KB

    • MD5

      dcab3163d20350622f32bf4c421abb20

    • SHA1

      a6369b2c22fc1d6f1298ab7ed439a7194c660617

    • SHA256

      451326adfc4d824ced6cb1171080aca672f1338525475a37d4f91df19de39688

    • SHA512

      fcb2b0ae3d9c392da840528458bc38112f9ba8d86e6929aef3d335c7f006d5a35c39e7d2d6c98d6334c4b351e27453a462f02c5183802a3e474d61bb6802b1f9

    • SSDEEP

      1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr6:9bfVk29te2jqxCEtg30BG

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry; this is likely a geofence check that gates execution on the victim's locale.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
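As an added triage example (not part of the sandbox report and not code from the Sakula sample), the following Python script checks a file's hashes against the indicators listed in this report and runs simple rules over a constructed API-trace log for the behaviours flagged above: the Run key persistence, the country-code lookup in the registry, and contact with the extracted C2 domain from the Malware Config section. The trace line format, the `C:\Users\Public\update.exe` path and the locale registry keys matched by the geofence rule are assumptions for illustration; the report does not state which registry key the sample reads. The SSDEEP hash is not compared because fuzzy matching needs the third-party `ssdeep` module, which is not shown here.

```python
import hashlib
import re

# Indicators copied from the report above. "c2" is the extracted Sakula C2 domain.
REPORT_IOCS = {
    "md5": "dcab3163d20350622f32bf4c421abb20",
    "sha1": "a6369b2c22fc1d6f1298ab7ed439a7194c660617",
    "sha256": "451326adfc4d824ced6cb1171080aca672f1338525475a37d4f91df19de39688",
    "c2": "www.savmpet.com",
}

# Rules for the behaviours the report flags. The locale registry keys in the
# geofence rule are an assumption: the report only says a country code is read.
RULES = {
    "persistence_run_key": re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE),
    "geofence_locale_lookup": re.compile(
        r"\\Control\\Nls\\(Language|Locale)|International\\Geo\\Nation", re.IGNORECASE
    ),
    "c2_contact": re.compile(re.escape(REPORT_IOCS["c2"]), re.IGNORECASE),
}

# Constructed API-trace lines in an assumed "<api> <argument>" format; these are
# not taken from the sandbox run and the dropped-file path is invented.
SAMPLE_TRACE = r"""
RegOpenKey    HKLM\SYSTEM\CurrentControlSet\Control\Nls\Language
RegSetValue   HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Update = C:\Users\Public\update.exe
DnsQuery      www.savmpet.com
CreateProcess C:\Users\Public\update.exe
""".strip().splitlines()


def file_hashes(data: bytes) -> dict:
    """Return MD5/SHA1/SHA256 hex digests of the given file contents."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def hash_hits(data: bytes) -> list:
    """Names of the report hashes that the file contents match (empty if none)."""
    digests = file_hashes(data)
    return [name for name in ("md5", "sha1", "sha256") if digests[name] == REPORT_IOCS[name]]


def scan_trace(lines) -> dict:
    """Map each rule name to the 1-based trace line numbers that triggered it."""
    hits = {}
    for number, line in enumerate(lines, 1):
        for name, pattern in RULES.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(number)
    return hits


def triage(data: bytes, lines) -> dict:
    """Combine exact-hash matching with the behavioural rule scan."""
    return {"hash_matches": hash_hits(data), "behaviours": scan_trace(lines)}


if __name__ == "__main__":
    # Hash an on-disk file with open(path, "rb").read(); b"" stands in here.
    print(triage(b"", SAMPLE_TRACE))
```

An exact-hash miss says nothing about a recompiled or repacked build of the same family, so the behavioural rules are the part worth carrying into a detection pipeline; the hash set is only useful for confirming this specific sample.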

MITRE ATT&CK Enterprise v15

Tasks