General
-
Target
easy_Malicious_04f2c26a27bcd27c510583fc16a566bab40ba76c3c573f065439ec0794934339.exe
-
Size
418KB
-
Sample
230704-snv31sgb41
-
MD5
1ab5eb4a17127c6b5e4ae15a8757737c
-
SHA1
e3a9ef10f4badc0904f8be060945c5fab383ac49
-
SHA256
f3f4e690f55d8246bbb2c456dba2b551fa77ecedf273b83480f2e0f37f1219c0
-
SHA512
ebe284500429696a15351ee24be0683a1a0380d0cd9298504f2ef363cc94d31bbbe65721d47b04801a1319d4114497240acd7747415e41d1cc4c42669ccb0f2a
-
SSDEEP
6144:M29qRfVSndj30B3wBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/TU7kn5f:0RfQn+w8EYiBlMkn5f9J105i
Malware Config
Extracted
sakula
www.polarroute.com
Targets
-
-
Target
easy_Malicious_04f2c26a27bcd27c510583fc16a566bab40ba76c3c573f065439ec0794934339.exe
-
Size
418KB
-
MD5
1ab5eb4a17127c6b5e4ae15a8757737c
-
SHA1
e3a9ef10f4badc0904f8be060945c5fab383ac49
-
SHA256
f3f4e690f55d8246bbb2c456dba2b551fa77ecedf273b83480f2e0f37f1219c0
-
SHA512
ebe284500429696a15351ee24be0683a1a0380d0cd9298504f2ef363cc94d31bbbe65721d47b04801a1319d4114497240acd7747415e41d1cc4c42669ccb0f2a
-
SSDEEP
6144:M29qRfVSndj30B3wBxE1+ijiBKk3etdgI2MyzNORQtOfl1qNVo7R+S+N/TU7kn5f:0RfQn+w8EYiBlMkn5f9J105i
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-