General
-
Target
4a3f81f6a36fdc2f32cb34e43a733bb1bee711a5e718ddb99683400057591fb9
-
Size
92KB
-
Sample
241016-za9sksvdqr
-
MD5
34b27d3c74c23ed2abc40799daa09b34
-
SHA1
9200c2eabc8dddb2501442b5718b24174f3a051c
-
SHA256
4a3f81f6a36fdc2f32cb34e43a733bb1bee711a5e718ddb99683400057591fb9
-
SHA512
e271124804e088b5ed9fc8ac809f88c9300e9e6f3da0955d4619378c2c0800060b317b04d86d137561a67ca71dbdf0a86a944398297ff0b0d4248b5b454842f8
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrr:9bfVk29te2jqxCEtg30BH
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
4a3f81f6a36fdc2f32cb34e43a733bb1bee711a5e718ddb99683400057591fb9
-
Size
92KB
-
MD5
34b27d3c74c23ed2abc40799daa09b34
-
SHA1
9200c2eabc8dddb2501442b5718b24174f3a051c
-
SHA256
4a3f81f6a36fdc2f32cb34e43a733bb1bee711a5e718ddb99683400057591fb9
-
SHA512
e271124804e088b5ed9fc8ac809f88c9300e9e6f3da0955d4619378c2c0800060b317b04d86d137561a67ca71dbdf0a86a944398297ff0b0d4248b5b454842f8
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrr:9bfVk29te2jqxCEtg30BH
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1