General
-
Target
9ff52bd293458a8cd21cde8436fe5294fdde0d91696f00c81d4f3bb746408fdeN.exe
-
Size
92KB
-
Sample
241127-hs54nsspe1
-
MD5
0b0e01a0487dd3114ceffa1c22cfef20
-
SHA1
7cf603c89c0c2bb1b7c913e8a5a4a4a8eb0c7a56
-
SHA256
9ff52bd293458a8cd21cde8436fe5294fdde0d91696f00c81d4f3bb746408fde
-
SHA512
56b7dd22281939d44a7cd17f003e145b936de7798bb2f88a76f4f5d24383555b9091eba67a9432ebc23642043cfc538ea6269dba48487d40c1b3e0d4ea64c82e
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr4:9bfVk29te2jqxCEtg30Bc
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
9ff52bd293458a8cd21cde8436fe5294fdde0d91696f00c81d4f3bb746408fdeN.exe
-
Size
92KB
-
MD5
0b0e01a0487dd3114ceffa1c22cfef20
-
SHA1
7cf603c89c0c2bb1b7c913e8a5a4a4a8eb0c7a56
-
SHA256
9ff52bd293458a8cd21cde8436fe5294fdde0d91696f00c81d4f3bb746408fde
-
SHA512
56b7dd22281939d44a7cd17f003e145b936de7798bb2f88a76f4f5d24383555b9091eba67a9432ebc23642043cfc538ea6269dba48487d40c1b3e0d4ea64c82e
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtr4:9bfVk29te2jqxCEtg30Bc
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1