General
-
Target
195c836067710ddf28cf9ff372aca05eb34c117febd7d280a5489f151c59733c
-
Size
150KB
-
Sample
220212-dbq6zafbc2
-
MD5
4e962d3974ac5f369b5cf1be5992fb93
-
SHA1
f6733357bed7876507cb03b5d8ef2f666f318455
-
SHA256
195c836067710ddf28cf9ff372aca05eb34c117febd7d280a5489f151c59733c
-
SHA512
b637cc56df08252f322b78cb1a66843d8ae28932760cdc58a7915966774c1a4566e1c960a7a65d6a2ba63b8f4e40c4972eed1d853378e0a63e80240bb06eb1f0
Malware Config
Targets
-
-
Target
195c836067710ddf28cf9ff372aca05eb34c117febd7d280a5489f151c59733c
-
Size
150KB
-
MD5
4e962d3974ac5f369b5cf1be5992fb93
-
SHA1
f6733357bed7876507cb03b5d8ef2f666f318455
-
SHA256
195c836067710ddf28cf9ff372aca05eb34c117febd7d280a5489f151c59733c
-
SHA512
b637cc56df08252f322b78cb1a66843d8ae28932760cdc58a7915966774c1a4566e1c960a7a65d6a2ba63b8f4e40c4972eed1d853378e0a63e80240bb06eb1f0
Score10/10-
Sakula
Sakula is a remote access trojan with various capabilities.
-
Sakula Payload
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-