General
-
Target
c0d200da66ed310cb501886ae3eb8feeac8905c9ac7847d7b04c5295bfd5a4a9.exe
-
Size
92KB
-
Sample
241210-pzkvms1kaj
-
MD5
e76317033682333166458d92c0d7bb4a
-
SHA1
437bc205fca3a0fe8d355b76e8aa9d053d0d774f
-
SHA256
c0d200da66ed310cb501886ae3eb8feeac8905c9ac7847d7b04c5295bfd5a4a9
-
SHA512
2ef6e06b59824f3f854b04be8aed26be2855815269fbeba9bb471ada3cfa9d35bfc8ec1a6a87ad42a551827f6a529c5bbe73a766ce0490402c2fadef60b49f7c
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrO:9bfVk29te2jqxCEtg30By
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
c0d200da66ed310cb501886ae3eb8feeac8905c9ac7847d7b04c5295bfd5a4a9.exe
-
Size
92KB
-
MD5
e76317033682333166458d92c0d7bb4a
-
SHA1
437bc205fca3a0fe8d355b76e8aa9d053d0d774f
-
SHA256
c0d200da66ed310cb501886ae3eb8feeac8905c9ac7847d7b04c5295bfd5a4a9
-
SHA512
2ef6e06b59824f3f854b04be8aed26be2855815269fbeba9bb471ada3cfa9d35bfc8ec1a6a87ad42a551827f6a529c5bbe73a766ce0490402c2fadef60b49f7c
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrO:9bfVk29te2jqxCEtg30By
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1