General

  • Target

    c94018408e16eb3b178a2d80e0347083ec8db00889915207ed3bb58206f4ac60N.exe

  • Size

    92KB

  • Sample

    250208-bmvmesylck

  • MD5

    f98ffe884c8a96826f3733b546c7acb0

  • SHA1

    1a0cefbb2da2707e05116bf430379bde9a984788

  • SHA256

    c94018408e16eb3b178a2d80e0347083ec8db00889915207ed3bb58206f4ac60

  • SHA512

    2d00aa8cd3e8719ef092b9daede6362a98f4a7e3dd5264bcaf9ca5e579c6d0e664b4a9cc48705d06590a8da5ad7df2771af552da57ffd3301760d8a55a6f568a

  • SSDEEP

    1536:TJbCiJVkgMaT2itTkjoRXnM48dXFajVPYxCEtkz30rtrc:9bfVk29te2jqxCEtg30BQ

Malware Config

Extracted

Family

sakula

C2

www.savmpet.com

Targets

    • Target

      c94018408e16eb3b178a2d80e0347083ec8db00889915207ed3bb58206f4ac60N.exe

    • Sakula

      Sakula (also tracked as Sakurel) is a remote access trojan. The behaviours flagged below are consistent with it: resolving the configured C2 domain, downloading and executing additional executables, loading a dropped DLL, persisting through a Run key and removing its original file.

    • Sakula family

    • Sakula payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Reads the country code configured in the registry (typically the user's Geo\Nation value under Control Panel\International), likely as a geofence check so the payload does not run in certain regions.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
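The signature list above is what the sandbox saw; on an endpoint the same chain can be hunted in Sysmon telemetry. The Python below is an added example, not part of the sandbox report or of any Sakula tooling. It replays constructed Sysmon-style events (process create, image load, file create, registry set, DNS query; these are not real telemetry from this sample) and maps each behaviour from the report to the process that exhibited it. The only indicator taken from the page is the C2 domain; the sample path, the drop directory, the dropped file names and the SID are assumptions. The country-code registry read is a query, which Sysmon does not log, so it is deliberately left out.

```python
import re
from collections import defaultdict

# Indicator taken from the extracted config above.
C2_DOMAINS = {"www.savmpet.com"}

# Hypothetical on-disk paths; the report does not give any.
SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\c94018408e16eb3b178a2d80e0347083ec8db00889915207ed3bb58206f4ac60N.exe")
DROP_DIR = r"C:\Users\Admin\AppData\Local\Temp\drop"

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
PE_EXT_RE = re.compile(r"\.(exe|dll)$", re.I)
CMD_DEL_RE = re.compile(r"\bcmd(\.exe)?\b.*\s/c\s.*\b(del|erase)\b", re.I)

# Constructed Sysmon-style events (not real telemetry from this sample):
# 1 = process create, 7 = image load, 11 = file create,
# 13 = registry value set, 22 = DNS query.  The SID is made up.
EVENTS = [
    {"id": 1,  "pid": 100, "ppid": 1,   "image": SAMPLE_EXE, "cmd": SAMPLE_EXE},
    {"id": 22, "pid": 100, "image": SAMPLE_EXE, "query": "www.savmpet.com"},
    {"id": 11, "pid": 100, "image": SAMPLE_EXE, "target": DROP_DIR + r"\update.exe"},
    {"id": 11, "pid": 100, "image": SAMPLE_EXE, "target": DROP_DIR + r"\helper.dll"},
    {"id": 1,  "pid": 200, "ppid": 100, "image": DROP_DIR + r"\update.exe",
     "cmd": DROP_DIR + r"\update.exe"},
    {"id": 7,  "pid": 200, "image": DROP_DIR + r"\update.exe",
     "loaded": DROP_DIR + r"\helper.dll"},
    {"id": 13, "pid": 200, "image": DROP_DIR + r"\update.exe",
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows"
               r"\CurrentVersion\Run\update",
     "details": DROP_DIR + r"\update.exe"},
    {"id": 1,  "pid": 300, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": f'cmd.exe /c del "{SAMPLE_EXE}"'},
    # Benign noise that must not match anything.
    {"id": 1,  "pid": 400, "ppid": 1, "image": r"C:\Windows\System32\notepad.exe",
     "cmd": "notepad.exe"},
    {"id": 22, "pid": 400, "image": r"C:\Windows\System32\notepad.exe",
     "query": "www.example.com"},
]


def hunt(events):
    """Replay events in chronological order and map each behaviour from the
    report to the pids that exhibited it.  Returns {behaviour: set(pid)}."""
    findings = defaultdict(set)
    image_of = {}      # pid -> image path, learned from process-create events
    dropped = set()    # lower-cased paths of PE files written during the run

    for ev in events:
        eid, pid = ev["id"], ev["pid"]
        if eid == 1:
            image_of[pid] = ev["image"]
            # "Executes dropped EXE": the new process image was written earlier.
            if ev["image"].lower() in dropped:
                findings["executes_dropped_exe"].add(pid)
            # "Deletes itself": cmd /c del naming the parent's own image.
            parent_image = image_of.get(ev["ppid"], "")
            if (CMD_DEL_RE.search(ev["cmd"]) and parent_image
                    and parent_image.lower() in ev["cmd"].lower()):
                findings["self_delete_via_cmd"].add(pid)
        elif eid == 7 and ev["loaded"].lower() in dropped:
            findings["loads_dropped_dll"].add(pid)
        elif eid == 11 and PE_EXT_RE.search(ev["target"]):
            dropped.add(ev["target"].lower())
            findings["writes_pe_file"].add(pid)
        elif eid == 13 and RUN_KEY_RE.search(ev["target"]):
            findings["run_key_persistence"].add(pid)
        elif eid == 22 and ev["query"].lower() in C2_DOMAINS:
            findings["c2_dns_query"].add(pid)
    return findings


def verdict(findings, threshold=3):
    """Alert only when several distinct behaviours line up: a lone Run-key
    write or a single PE drop is routine for installers and should not page
    anyone on its own."""
    return len(findings) >= threshold


if __name__ == "__main__":
    found = hunt(EVENTS)
    for behaviour, pids in sorted(found.items()):
        print(f"{behaviour:24s} pids={sorted(pids)}")
    print("suspicious chain:", verdict(found))
```

The drop-then-execute correlation depends on event order, which is why the replay is sequential rather than a set of independent rules; in a real pipeline the same state would be keyed per host and aged out after the sandbox's observation window.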

MITRE ATT&CK Enterprise v15

Tasks