General
-
Target
770054a538368917bb336ac640ed7ea0a02ea7c60a5ce15b0b6a65981358c23b.exe
-
Size
92KB
-
Sample
250120-3yhwjswjgl
-
MD5
5684f943870ad8217a42a9c9b8a41b67
-
SHA1
753c160c5144c5b3d424049000dbaf59c37cc711
-
SHA256
770054a538368917bb336ac640ed7ea0a02ea7c60a5ce15b0b6a65981358c23b
-
SHA512
5a0a725734f56b9b4201a95e41255154862f95fc9044a0c18d9be5b23092c971927ce8009af79245485d47745d194412380e359e8cb823b884ea8b8ed909f6e5
-
SSDEEP
1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrp:9bfVk29te2jqxCEtg30BF
Behavioral task
behavioral1
Sample
770054a538368917bb336ac640ed7ea0a02ea7c60a5ce15b0b6a65981358c23b.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
770054a538368917bb336ac640ed7ea0a02ea7c60a5ce15b0b6a65981358c23b.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
sakula
www.savmpet.com
Targets
Target
770054a538368917bb336ac640ed7ea0a02ea7c60a5ce15b0b6a65981358c23b.exe
Score
10/10
Sakula family
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)