General
-
Target
1740e8ae83a4680943c691cdd172735293c70f8c56e8532d519580f280df69a9
-
Size
99KB
-
Sample
220212-d5jc8afed5
-
MD5
f91378b0ac8c86132e4aca14af54dab0
-
SHA1
38633165b61921dffe7b8af7da45708087084afb
-
SHA256
1740e8ae83a4680943c691cdd172735293c70f8c56e8532d519580f280df69a9
-
SHA512
96ac6e494285a8887cc79ec84c17e2a4f5794be7a51bb8ed5d18c978135853ded5236e4f472f1a5194ee23845d01a7bb08e25a632fc950a7a448177cc74c9405
Malware Config
Targets
-
-
Target
1740e8ae83a4680943c691cdd172735293c70f8c56e8532d519580f280df69a9
-
Size
99KB
-
MD5
f91378b0ac8c86132e4aca14af54dab0
-
SHA1
38633165b61921dffe7b8af7da45708087084afb
-
SHA256
1740e8ae83a4680943c691cdd172735293c70f8c56e8532d519580f280df69a9
-
SHA512
96ac6e494285a8887cc79ec84c17e2a4f5794be7a51bb8ed5d18c978135853ded5236e4f472f1a5194ee23845d01a7bb08e25a632fc950a7a448177cc74c9405
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-