sakula | 123ac4791240d699e71ae3e7ddd2c62bb5d074a8e743a09cf3794f9db85da6e8 | Triage

Sharing

General

Target

123ac4791240d699e71ae3e7ddd2c62bb5d074a8e743a09cf3794f9db85da6e8
Size

99KB
MD5

20659c50c15dba08175904b5aa6b8d04
SHA1

15454620e4607f6d57c99a0023cb90b3c49aebba
SHA256

123ac4791240d699e71ae3e7ddd2c62bb5d074a8e743a09cf3794f9db85da6e8
SHA512

e70fb803d8fce08dd6c70a96197f4b4e019e4c24355602366c99f9fdb50984e860c17700a265d9691e63d1e0496346bb8bcba51f558247dce8093888c60e6e9a
SSDEEP

1536:Roaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrYx3:i0hpgz6xGhZamyF30B8x3

Score

10^/10

sakula

Malware Config

Signatures

Sakula Payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula
Sakula family
sakula

Files

123ac4791240d699e71ae3e7ddd2c62bb5d074a8e743a09cf3794f9db85da6e8
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE