General
-
Target
6ba7293287645ba46d1f71b211ef8a7b7ff79af0e69a97efca70c2910cd5e444
-
Size
92KB
-
Sample
241108-abmxrszmhy
-
MD5
6bcb7e376f390f2c439f0cdafa9cf67f
-
SHA1
c5e94ff3a9a017e19deb439bccd9885260b2b70a
-
SHA256
6ba7293287645ba46d1f71b211ef8a7b7ff79af0e69a97efca70c2910cd5e444
-
SHA512
18896a7e820551d3b70c34f609676b67d4fdb97403f3ae71f69fbdd36f7b16a26f9e79657d02d7f207e5f37035f9da24d72bd2e770e843e53992f451717c96eb
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrh:9bfVk29te2jqxCEtg30BF
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
6ba7293287645ba46d1f71b211ef8a7b7ff79af0e69a97efca70c2910cd5e444
-
Size
92KB
-
MD5
6bcb7e376f390f2c439f0cdafa9cf67f
-
SHA1
c5e94ff3a9a017e19deb439bccd9885260b2b70a
-
SHA256
6ba7293287645ba46d1f71b211ef8a7b7ff79af0e69a97efca70c2910cd5e444
-
SHA512
18896a7e820551d3b70c34f609676b67d4fdb97403f3ae71f69fbdd36f7b16a26f9e79657d02d7f207e5f37035f9da24d72bd2e770e843e53992f451717c96eb
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrh:9bfVk29te2jqxCEtg30BF
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1