General
- Target: a5af4417b8648cd57eca23d49447ca355b7502531d2b5366be71f0b66a3b818eN
- Size: 101KB
- Sample: 241026-qk6dgavbnf
- MD5: 77d7d335c307086b4094ac4facd87d20
- SHA1: 949522519af2fbdf955522524f30b8767e18a667
- SHA256: a5af4417b8648cd57eca23d49447ca355b7502531d2b5366be71f0b66a3b818e
- SHA512: cbca06313c6fe0d5f32865dfc92821ff1481a6baa1101684ec7185e9ec3b71963f2db0040f39adf9a0019b6bd06bce815f77896dc4915be0b916ad1d971e0bde
- SSDEEP: 1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrGPTEzV:/bfVk29te2jqxCEtg30BibEB
Behavioral task: behavioral1
- Sample: a5af4417b8648cd57eca23d49447ca355b7502531d2b5366be71f0b66a3b818eN.exe
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: a5af4417b8648cd57eca23d49447ca355b7502531d2b5366be71f0b66a3b818eN.exe
- Resource: win10v2004-20241007-en
Malware Config (extracted)
- Family: sakula
- C2: www.savmpet.com
Targets
- Target: a5af4417b8648cd57eca23d49447ca355b7502531d2b5366be71f0b66a3b818eN
- Size: 101KB
- MD5: 77d7d335c307086b4094ac4facd87d20
- SHA1: 949522519af2fbdf955522524f30b8767e18a667
- SHA256: a5af4417b8648cd57eca23d49447ca355b7502531d2b5366be71f0b66a3b818e
- SHA512: cbca06313c6fe0d5f32865dfc92821ff1481a6baa1101684ec7185e9ec3b71963f2db0040f39adf9a0019b6bd06bce815f77896dc4915be0b916ad1d971e0bde
- SSDEEP: 1536:9JbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrGPTEzV:/bfVk29te2jqxCEtg30BibEB
Score: 10/10

Signatures
- Sakula family
- Sakula payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
MITRE ATT&CK Enterprise v15
- Privilege Escalation: Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)