General
-
Target
5de972db04b748b5128a2b3da9fe71ad48c8f951cf69289197588c251dc39207
-
Size
43KB
-
Sample
240621-1yt8gaseka
-
MD5
0ccf11e2f37a885ed451852ac41ff691
-
SHA1
78ff3d6a9ad8c61b38649926ba09e0207febe0b5
-
SHA256
5de972db04b748b5128a2b3da9fe71ad48c8f951cf69289197588c251dc39207
-
SHA512
ffdb5156e1ef5bad58cf14693c4316beb615c06c0abf8378fd9abf51668f955017c343355074aaec7252703fb5abae10607de9e3a861da23c37f500bd0185324
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqj:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8h
Malware Config
Targets
-
-
Target
5de972db04b748b5128a2b3da9fe71ad48c8f951cf69289197588c251dc39207
-
Size
43KB
-
MD5
0ccf11e2f37a885ed451852ac41ff691
-
SHA1
78ff3d6a9ad8c61b38649926ba09e0207febe0b5
-
SHA256
5de972db04b748b5128a2b3da9fe71ad48c8f951cf69289197588c251dc39207
-
SHA512
ffdb5156e1ef5bad58cf14693c4316beb615c06c0abf8378fd9abf51668f955017c343355074aaec7252703fb5abae10607de9e3a861da23c37f500bd0185324
-
SSDEEP
768:+U9XnKJv8KrtPNxT4oreP7cIK3yQpdk6x8pf9m4P/S0hVvIZiGDZ6RO8nHE8taqj:+U9abrtX4oocIK3yQkaY9z/S0hhy6k8h
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula payload
-
UPX dump on OEP (original entry point)
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-