General
-
Target
16ef621a256c1d95bb9c100d4fdb5db3425eb4a0ed34bcce2756069d3c7531f6
-
Size
80KB
-
Sample
220212-d9p2kafeh8
-
MD5
99ce488e6012226640f1162b618895dd
-
SHA1
537789a244026cc42363590620655ec4eaae7d71
-
SHA256
16ef621a256c1d95bb9c100d4fdb5db3425eb4a0ed34bcce2756069d3c7531f6
-
SHA512
82b8ed9d5434b5c654fd756bf47e65eee389855b4e6fd93c49f66ff16bf77d34d3164bed2a42c6c972c2319704623bc7e462c33e019bc5e91bfef88ad7e00a68
Malware Config
Targets
-
-
Target
16ef621a256c1d95bb9c100d4fdb5db3425eb4a0ed34bcce2756069d3c7531f6
-
Size
80KB
-
MD5
99ce488e6012226640f1162b618895dd
-
SHA1
537789a244026cc42363590620655ec4eaae7d71
-
SHA256
16ef621a256c1d95bb9c100d4fdb5db3425eb4a0ed34bcce2756069d3c7531f6
-
SHA512
82b8ed9d5434b5c654fd756bf47e65eee389855b4e6fd93c49f66ff16bf77d34d3164bed2a42c6c972c2319704623bc7e462c33e019bc5e91bfef88ad7e00a68
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-