General
-
Target
e7f20e3ae52eac8c84dd1fb5664dc21e9b2f636147edc90e2f3e7b52d1c8b1a2N
-
Size
92KB
-
Sample
241028-qkdnfsxphr
-
MD5
7abdb645d0f8cc0fbae041cde5e597e0
-
SHA1
d567468d66d5e2e5837ecda0f56d7f62941969fe
-
SHA256
e7f20e3ae52eac8c84dd1fb5664dc21e9b2f636147edc90e2f3e7b52d1c8b1a2
-
SHA512
b4b6e919e7fdc5d98c55f18efe73deff27568ee8458f8070ebb3d0078c808c7750077e6e421fea7099899b6112bee84c7fe7aec3686856f54848b475320472e6
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr5:9bfVk29te2jqxCEtg30BN
Behavioral task
behavioral1
Sample
e7f20e3ae52eac8c84dd1fb5664dc21e9b2f636147edc90e2f3e7b52d1c8b1a2N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e7f20e3ae52eac8c84dd1fb5664dc21e9b2f636147edc90e2f3e7b52d1c8b1a2N.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
Target
e7f20e3ae52eac8c84dd1fb5664dc21e9b2f636147edc90e2f3e7b52d1c8b1a2N
-
Score
10/10
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder