General
-
Target
16fa9acc12320e7f7c6d8369ce383277c0ef9b918b9429a557faeb8a74bd2ef8
-
Size
92KB
-
Sample
220212-d8zvdafeg9
-
MD5
12742d5bee9896782f0f87aff8ab2810
-
SHA1
71af08cdf34354601fdc058f9c1685d5355dfe03
-
SHA256
16fa9acc12320e7f7c6d8369ce383277c0ef9b918b9429a557faeb8a74bd2ef8
-
SHA512
f513c5db2eb9deadbc3caabbaddcf0d35078c4e25aaa6341512f6c3c7eb935aabe1a10593a26590188a3991a27a7678cf25ed62dc05b0353dbd64d191dc3d97b
Malware Config
Targets
-
-
Target
16fa9acc12320e7f7c6d8369ce383277c0ef9b918b9429a557faeb8a74bd2ef8
-
Size
92KB
-
MD5
12742d5bee9896782f0f87aff8ab2810
-
SHA1
71af08cdf34354601fdc058f9c1685d5355dfe03
-
SHA256
16fa9acc12320e7f7c6d8369ce383277c0ef9b918b9429a557faeb8a74bd2ef8
-
SHA512
f513c5db2eb9deadbc3caabbaddcf0d35078c4e25aaa6341512f6c3c7eb935aabe1a10593a26590188a3991a27a7678cf25ed62dc05b0353dbd64d191dc3d97b
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-