General
-
Target
27084ac0fb05ef343072f8d964c1a73a4aae4272d34459405892018451d01b73
-
Size
102KB
-
Sample
241023-x5r5xaybjl
-
MD5
b4da67b4de3654c9091e14c09d3b294e
-
SHA1
0d0a7a6e4dd65448f2aeccaab255788fa548f788
-
SHA256
27084ac0fb05ef343072f8d964c1a73a4aae4272d34459405892018451d01b73
-
SHA512
8ff44f2fa695b6e0df77eb2111f940f13ea95fe6d5532489fed74d992304cbdffa7028ebe76044d4857452bf3b6b6d88bffd2b522eff9669324f5606fc0ff0e1
-
SSDEEP
1536:jJbCiJVkgMaT2itTkjoRXnM48dXFajVPkPLnlxsz30rtrQ39i:tbfVk29te2juPLlxo30Bs39i
Behavioral task
behavioral1
Sample
27084ac0fb05ef343072f8d964c1a73a4aae4272d34459405892018451d01b73.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
27084ac0fb05ef343072f8d964c1a73a4aae4272d34459405892018451d01b73.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
27084ac0fb05ef343072f8d964c1a73a4aae4272d34459405892018451d01b73
Score 10/10
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder