General
-
Target
76cd423ca010107efe0014d35d7c7f2a0f017ebfb0a43359ba7729bfb60a7527
-
Size
100KB
-
Sample
240410-3dzcsseb44
-
MD5
37a44fbce575abae7de444526d4a9557
-
SHA1
09451ccdbff9d83e89f0a043ae6f1b540c180c0d
-
SHA256
76cd423ca010107efe0014d35d7c7f2a0f017ebfb0a43359ba7729bfb60a7527
-
SHA512
5dcf9b4b97b098338ea61b76d89f58ce887bd8274b7478a91594942b8d5161500944090261a7b092c5f4a1ab8877d9edf29958b0a54d4c38310e55fac55f2904
-
SSDEEP
1536:Zoaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrJxC:K0hpgz6xGhZamyF30BNxC
Malware Config
Targets
-
-
Target
76cd423ca010107efe0014d35d7c7f2a0f017ebfb0a43359ba7729bfb60a7527
-
Size
100KB
-
MD5
37a44fbce575abae7de444526d4a9557
-
SHA1
09451ccdbff9d83e89f0a043ae6f1b540c180c0d
-
SHA256
76cd423ca010107efe0014d35d7c7f2a0f017ebfb0a43359ba7729bfb60a7527
-
SHA512
5dcf9b4b97b098338ea61b76d89f58ce887bd8274b7478a91594942b8d5161500944090261a7b092c5f4a1ab8877d9edf29958b0a54d4c38310e55fac55f2904
-
SSDEEP
1536:Zoaj1hJL1S9t0MIeboal8bCKxo7h0RPaaml0Nz30rtrJxC:K0hpgz6xGhZamyF30BNxC
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula payload
-
Detects executables built or packed with MPress PE compressor
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-