General
-
Target
1737e5a63ad9f153bab3b2a0f95688e109f0e4545bd95feae5db98efa9568674
-
Size
89KB
-
Sample
220212-d5zp7sfed9
-
MD5
5dc40dda5d5cfaf96ddd9c4636e8d0cd
-
SHA1
3456a3fa56f218135b251eb45d429869acf3f5b7
-
SHA256
1737e5a63ad9f153bab3b2a0f95688e109f0e4545bd95feae5db98efa9568674
-
SHA512
3c390baa17776868f022b0c798eb52549fbbc5dab5ebfc48d8b1c974a988861bf2d3cba59634b8e82cff71d05ff4847b04f294520f10767a35e2ef54380249ec
Malware Config
Targets
-
-
Target
1737e5a63ad9f153bab3b2a0f95688e109f0e4545bd95feae5db98efa9568674
-
Size
89KB
-
MD5
5dc40dda5d5cfaf96ddd9c4636e8d0cd
-
SHA1
3456a3fa56f218135b251eb45d429869acf3f5b7
-
SHA256
1737e5a63ad9f153bab3b2a0f95688e109f0e4545bd95feae5db98efa9568674
-
SHA512
3c390baa17776868f022b0c798eb52549fbbc5dab5ebfc48d8b1c974a988861bf2d3cba59634b8e82cff71d05ff4847b04f294520f10767a35e2ef54380249ec
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-