General
-
Target
31b49e97bcc458bb89f86a0887fb68677c82805492072a07d73b52a667cb23b3N
-
Size
92KB
-
Sample
250113-h8tqkssldt
-
MD5
1867552ac2023be58f7ec27f67e006b0
-
SHA1
9bc7f29351c9452ca05a932b2ac48029bfb4c069
-
SHA256
31b49e97bcc458bb89f86a0887fb68677c82805492072a07d73b52a667cb23b3
-
SHA512
ab5c800c09dd8b44ab9c02ee08bc11bf1d173c04561876bc2819a5b43b859df2c7cb69d568c5a3675c00e165918ac1baead5522489ad4a1a39138ab783ab2eea
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrD:9bfVk29te2jqxCEtg30Bn
Behavioral task
behavioral1
Sample
31b49e97bcc458bb89f86a0887fb68677c82805492072a07d73b52a667cb23b3N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
31b49e97bcc458bb89f86a0887fb68677c82805492072a07d73b52a667cb23b3N.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
-
-
Target
31b49e97bcc458bb89f86a0887fb68677c82805492072a07d73b52a667cb23b3N
-
Score
10/10
-
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
Registry Run Keys / Startup Folder