General
-
Target
02f085e7d3ba7caf5a823ee197abfb71692a532f94d919a0e93bf0d0792e7921
-
Size
92KB
-
Sample
250104-xvglesvkhl
-
MD5
94257f9f7d3d546c12586d05b4695df9
-
SHA1
4c815ff91f0556d070cf41060a17e0f6649c2303
-
SHA256
02f085e7d3ba7caf5a823ee197abfb71692a532f94d919a0e93bf0d0792e7921
-
SHA512
3a69755ccb356484b8c4cd14f8ff15a1ebdde6094b543a179d2a7e354143fd0863823ebb1ec89bd225c4faaf9a5578ecf05e2658c188cb9747399641601c29d3
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrN:9bfVk29te2jqxCEtg30Bp
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
02f085e7d3ba7caf5a823ee197abfb71692a532f94d919a0e93bf0d0792e7921
-
Size
92KB
-
MD5
94257f9f7d3d546c12586d05b4695df9
-
SHA1
4c815ff91f0556d070cf41060a17e0f6649c2303
-
SHA256
02f085e7d3ba7caf5a823ee197abfb71692a532f94d919a0e93bf0d0792e7921
-
SHA512
3a69755ccb356484b8c4cd14f8ff15a1ebdde6094b543a179d2a7e354143fd0863823ebb1ec89bd225c4faaf9a5578ecf05e2658c188cb9747399641601c29d3
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrN:9bfVk29te2jqxCEtg30Bp
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1