General
-
Target
196d033e43532bd6452e465d196210a14877db20252c0f591165cbad3b7f0f2a
-
Size
216KB
-
Sample
220212-datwgafbb4
-
MD5
b037d2fa2e37e936c04dcedeb6c47086
-
SHA1
014e052c4759cf1232eae28f5b2e45fcdb80df50
-
SHA256
196d033e43532bd6452e465d196210a14877db20252c0f591165cbad3b7f0f2a
-
SHA512
3e937aa1a98df42f594343b8d1ec0914e48f2557a9a85cfe8ace5d021ef59ca32d5da85b941d6cac0005b4895bd9143d3f3e3c1a5e2c2a39454f5b9540b2309d
Malware Config
Targets
-
-
Target
196d033e43532bd6452e465d196210a14877db20252c0f591165cbad3b7f0f2a
-
Size
216KB
-
MD5
b037d2fa2e37e936c04dcedeb6c47086
-
SHA1
014e052c4759cf1232eae28f5b2e45fcdb80df50
-
SHA256
196d033e43532bd6452e465d196210a14877db20252c0f591165cbad3b7f0f2a
-
SHA512
3e937aa1a98df42f594343b8d1ec0914e48f2557a9a85cfe8ace5d021ef59ca32d5da85b941d6cac0005b4895bd9143d3f3e3c1a5e2c2a39454f5b9540b2309d
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-