General
Target: 69a517c521a2f9ce4013695a3d08d01fb175fefe46ee47438b3ed47098578a02
Size: 92KB
Sample: 241025-assvcayhqp
MD5: a4dbbbaf0f772f514dde3c96a3981c8d
SHA1: 1297ae4756bb1a55d289967a37b92e245dfd3a1e
SHA256: 69a517c521a2f9ce4013695a3d08d01fb175fefe46ee47438b3ed47098578a02
SHA512: ec8b95ef57a7f338fd518dd91bab07400de6b036a3dfd37ddfc3a8ce2a7d004a025efa4f03355c783cb31d7c6389787814b00f626c06de9716ff8dce6a6b4660
SSDEEP: 1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr2:9bfVk29te2jqxCEtg30BS
Behavioral task: behavioral1
Sample: 69a517c521a2f9ce4013695a3d08d01fb175fefe46ee47438b3ed47098578a02.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 69a517c521a2f9ce4013695a3d08d01fb175fefe46ee47438b3ed47098578a02.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
Target: 69a517c521a2f9ce4013695a3d08d01fb175fefe46ee47438b3ed47098578a02
Score: 10/10
Sakula payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder