General
-
Target
170453b601e65d779ac685656db4c462e1e04bc4bd39087a9616838b62372d73
-
Size
216KB
-
Sample
220212-d8qlpsfeg5
-
MD5
7178e549edce3e0db5cebd548ba816c7
-
SHA1
cf006c4ab4d680cd1eb11333fd4c44998b6ad2f7
-
SHA256
170453b601e65d779ac685656db4c462e1e04bc4bd39087a9616838b62372d73
-
SHA512
d499198515d02e6509078553dec7c7c3c855a2f74b4dd8bbd7d4c71bc0e54071c470819cc493206ce14328f712ba448e4e0cf93da7af8f3dfdecda762e4d224f
Malware Config
Targets
-
-
Target
170453b601e65d779ac685656db4c462e1e04bc4bd39087a9616838b62372d73
-
Size
216KB
-
MD5
7178e549edce3e0db5cebd548ba816c7
-
SHA1
cf006c4ab4d680cd1eb11333fd4c44998b6ad2f7
-
SHA256
170453b601e65d779ac685656db4c462e1e04bc4bd39087a9616838b62372d73
-
SHA512
d499198515d02e6509078553dec7c7c3c855a2f74b4dd8bbd7d4c71bc0e54071c470819cc493206ce14328f712ba448e4e0cf93da7af8f3dfdecda762e4d224f
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-