General
-
Target
4ea0d36d06d16623c6dce977eaa71550b1c941eced7ca29809a6ace8d273a050
-
Size
100KB
-
Sample
240410-1fcwgaca78
-
MD5
996a605326b99a3587f7282a128bc61f
-
SHA1
667983f98899ec37ffb6a20c3108011258f4b527
-
SHA256
4ea0d36d06d16623c6dce977eaa71550b1c941eced7ca29809a6ace8d273a050
-
SHA512
12f468ab81ccf9975c32e8a0945d1f660469d10af0d0f2bf1613a701c08f67625b204dfa4200825d05a0c907773ba1b79cfc716cb93df8b815b1b59e96053547
-
SSDEEP
1536:Zoaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrJxR:K0hpgz6xGhZamyF30BNxR
Malware Config
Targets
-
-
Target
4ea0d36d06d16623c6dce977eaa71550b1c941eced7ca29809a6ace8d273a050
-
Size
100KB
-
MD5
996a605326b99a3587f7282a128bc61f
-
SHA1
667983f98899ec37ffb6a20c3108011258f4b527
-
SHA256
4ea0d36d06d16623c6dce977eaa71550b1c941eced7ca29809a6ace8d273a050
-
SHA512
12f468ab81ccf9975c32e8a0945d1f660469d10af0d0f2bf1613a701c08f67625b204dfa4200825d05a0c907773ba1b79cfc716cb93df8b815b1b59e96053547
-
SSDEEP
1536:Zoaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrJxR:K0hpgz6xGhZamyF30BNxR
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula payload
-
Detects executables built or packed with MPress PE compressor
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-