General

  • Target

    e7f20e3ae52eac8c84dd1fb5664dc21e9b2f636147edc90e2f3e7b52d1c8b1a2N

  • Size

    92KB

  • Sample

    241028-qkdnfsxphr

  • MD5

    7abdb645d0f8cc0fbae041cde5e597e0

  • SHA1

    d567468d66d5e2e5837ecda0f56d7f62941969fe

  • SHA256

    e7f20e3ae52eac8c84dd1fb5664dc21e9b2f636147edc90e2f3e7b52d1c8b1a2

  • SHA512

    b4b6e919e7fdc5d98c55f18efe73deff27568ee8458f8070ebb3d0078c808c7750077e6e421fea7099899b6112bee84c7fe7aec3686856f54848b475320472e6

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr5:9bfVk29te2jqxCEtg30BN

Malware Config

Extracted

  • Family

    sakula

  • C2

    www.savmpet.com

Targets

    • Target

      e7f20e3ae52eac8c84dd1fb5664dc21e9b2f636147edc90e2f3e7b52d1c8b1a2N

    • Sakula

      Sakula is a remote access trojan with various capabilities.

    • Sakula family

    • Sakula payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks