sakula | 0b4f98b2c4707095fb262fc19cde0ece98c55e3c3c3a80b54cef4eb827587ad7 | Triage

Sharing

General

Target

0b4f98b2c4707095fb262fc19cde0ece98c55e3c3c3a80b54cef4eb827587ad7
Size

152KB
MD5

6778e78f1c00c3bf6f8ce8c9bf867a27
SHA1

99a8d40230eff419c8fbc30cee8d6234b96b38ea
SHA256

0b4f98b2c4707095fb262fc19cde0ece98c55e3c3c3a80b54cef4eb827587ad7
SHA512

0412507308eff3a64d2a74456b1d43b3fc630543fc942658053a757cac9338df96bff03ef7a5b80aa0c52e08e3ae103c0b7f6e880a52365e4fd14e10dc5d28c3
SSDEEP

3072:H29DkEGRQixVSjLLJ30BWPOt5dQw+hyuGDInwV:H29qRfVSnt30Bbt+IhDFV

Score

10^/10

sakula

Malware Config

Signatures

Sakula Payload 1 IoCs

Processes:

resource yara_rule

sample family_sakula
Sakula family
sakula

Files

0b4f98b2c4707095fb262fc19cde0ece98c55e3c3c3a80b54cef4eb827587ad7
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.Upack
Size: 107KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE