sakula | 0db561fc3320635e0bbd1ff8e481016e0c6f5698b7ba7191470e9db22e4033ad | Triage

Sharing

General

Target

0db561fc3320635e0bbd1ff8e481016e0c6f5698b7ba7191470e9db22e4033ad
Size

99KB
MD5

d2616dfac129f2af6b893987fb787584
SHA1

3b2ada756586062e3144696b9fed16bf65e30697
SHA256

0db561fc3320635e0bbd1ff8e481016e0c6f5698b7ba7191470e9db22e4033ad
SHA512

057f1c2d8ec830f875122dc5700bd1d2cc5ad5804a1c9d7fdf043a56425b80da2c5d9226afb9e055d8800a9d8ddde1d8a8de9c3d9088fe575b9ed71365b5d0a9
SSDEEP

1536:Roaj1hJL1S9t0MIeboal8bCKxo7h0RPSaml0Nz30rtrd87:i0hpgz6xGhpamyF30B587

Score

10^/10

sakula

Malware Config

Signatures

Sakula Payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula
Sakula family
sakula

Files

0db561fc3320635e0bbd1ff8e481016e0c6f5698b7ba7191470e9db22e4033ad
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE