General
-
Target
7d6ba1da4f5b2e43962fe4902245f4133f3026c714cf6fcc56cd4c1702cc2d7b
-
Size
355KB
-
Sample
240703-3v4c3ssfqk
-
MD5
9bcc123f6b5ee1d90b79dd78e7e0adc9
-
SHA1
2e096849c0e1c3a4938372c2e41f06ea3c759250
-
SHA256
7d6ba1da4f5b2e43962fe4902245f4133f3026c714cf6fcc56cd4c1702cc2d7b
-
SHA512
c60c4fdf87e4c61eae0b51001e04c17c078c7cbc6d696e0858aec19b6c5dab764ab92284a78867985268c311061eb789fe3004d3e407feb6adf522cdc088fbb6
-
SSDEEP
3072:c0hpgz6xGhYJF30Butn6rout1Rg8BsZh2:c0U6530BA6roS1a+
Malware Config
Targets
-
-
Target
7d6ba1da4f5b2e43962fe4902245f4133f3026c714cf6fcc56cd4c1702cc2d7b
-
Size
355KB
-
MD5
9bcc123f6b5ee1d90b79dd78e7e0adc9
-
SHA1
2e096849c0e1c3a4938372c2e41f06ea3c759250
-
SHA256
7d6ba1da4f5b2e43962fe4902245f4133f3026c714cf6fcc56cd4c1702cc2d7b
-
SHA512
c60c4fdf87e4c61eae0b51001e04c17c078c7cbc6d696e0858aec19b6c5dab764ab92284a78867985268c311061eb789fe3004d3e407feb6adf522cdc088fbb6
-
SSDEEP
3072:c0hpgz6xGhYJF30Butn6rout1Rg8BsZh2:c0U6530BA6roS1a+
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-